在何处管理您在版本控制下拥有的最敏感内容? [英] Where to manage the most sensitive content you have under version control?

问题描述

是否有任何版本控制系统允许您指定行级别的安全限制，而不是文件级别?我知道这将是可怕的.如果我不想让某些字符串进入数据库，是否应该研究钩子的概念并管理该钩子层中的所有非常敏感的信息?挂钩如何在系统之间复制?

Do any version control systems allow you to specify line level security restrictions rather than file level? I know it would be horrible to maintain. If I wanted to never allow certain strings into the database should I be looking into the notion of hooks and manage all the very sensitive information in that hook layer? How do hooks get replicated from system to system?

更新:也许管理此问题的最佳方法是pgp加密敏感数据，那些无法解密的人将被蒙在鼓里.有什么想法吗?从安全的角度来看，这可能不是最佳实践.

Update: Maybe the best way to manage this is to pgp encrypt the sensitive data and those who cannot decrypt it will be left in the dark. Any thoughts on that? Probably not a best practice from a security standpoint.

推荐答案

我们遇到了同样的问题，并决定通过建立第二个存储库来解决该问题.

We had the same problem and decided to solve it by setting up a second repository.

这起源于我需要将我们的配置管理文件存储在版本控制中时，该文件包含敏感信息.同样也可以将来自我们应用程序的敏感数据存储在其中.

This originated when I needed to store our configuration management files in version control, which contained sensitive information. It made sense to store the sensitive data from our applications in there as well.

我们最初使用 svn外部对象和

We originally used svn externals and git submodules to include the sensitive data, but later found it less troublesome to just simlink to another location.

我还发现添加适当的忽略项以防止将相同的文件检入开发存储库很有帮助.自从这样做以来，我们没有任何人不小心检查任何敏感内容.

I also find it helpful to add the proper ignores to prevent the same files ever getting checked in to the development repository. Since doing this we have not had anyone accidentally check in anything sensitive.

它有助于尝试将敏感信息保留在一组简明的配置文件中-我不会将其散布开来，放在一个地方并保护那个地方.

It helps try an keep the sensitive information contained in a concise set of config files -- I would not spread it out, put it one place and guard that place.

这篇关于在何处管理您在版本控制下拥有的最敏感内容?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！