在 git 存储库中保密的最佳做法是什么? [英] What is best practice for keeping secrets out of a git repository?

问题描述

问题

将此文件树视为我的开发存储库.

<前>- 富/- .git/- [...]- 酒吧/- 备份客户端.py- supersecretstoragecredentials.ini

对于开发，supersecretstoragecredentials.ini 需要填写有效的凭据 - 而我仍然必须在存储库中保留它的干净版本，以便其他用户可以轻松设置他们的凭据.

可能的解决方案

1. .gitignore supersecretstoragecredentials.ini 并创建一个supersecretstoragecredentials.ini-example，
   1. 指示用户将supersecretstoragecredentials.ini-example复制到supersecretstoragecredentials.ini.

2. 在 backup.py 中添加一个被 git 忽略的覆盖配置文件位置，例如 supersecretstoragecredentials_local.ini.

正如 kan 指出的那样，这两种解决方案在工作流程方面相似但不完全相同.

还有其他选择吗?git 是否具有某种功能来帮助解决此类问题?

解决方案

用一些占位符值检查 supersecretstoragecredentials.ini 文件，然后

git update-index --assume-unchanged supersecretstoragecredentials.ini

Git 不会跟踪此文件的未来更改.

您可以使用

重置此设置

git update-index --no-assume-unchanged supersecretstoragecredentials.ini

Problem

Consider this file tree as my development repository.

 - foo/
   - .git/
     - [...]
   - bar/
     - backupclient.py
   - supersecretstoragecredentials.ini

For development, supersecretstoragecredentials.ini needs to be filled in with valid credentials - while I still have to keep a clean version of it in the repository so that other users can easily set their credentials.

Possible solutions

1. .gitignore supersecretstoragecredentials.ini and create a supersecretstoragecredentials.ini-example,
   1. instruct the user to copy supersecretstoragecredentials.ini-example to supersecretstoragecredentials.ini.

2. Add an overriding config file location in backup.py which is ignored by git, e.g. supersecretstoragecredentials_local.ini.

As kan pointed out, these two solutions are similar but not entirely the same, workflow-wise.

are there any other alternatives? Does git possess some kind of functionality to assist with this kind issues?

解决方案

Check in the supersecretstoragecredentials.ini file with some placeholder values and then

git update-index --assume-unchanged supersecretstoragecredentials.ini

Git will not track future changes to this file.

You can reset this using

git update-index --no-assume-unchanged supersecretstoragecredentials.ini

这篇关于在 git 存储库中保密的最佳做法是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！