Git:从存储库中删除凭据 [英] Git: Remove credentials from repository
问题描述
当前状态:我将一个内部数据库凭证提交给我的Git存储库。这很好,因为我只用它一个人。然后,我的团队开始克隆,推动并推进这个项目。我们现在有几个Git仓库(一个中央仓库和一些开发商)。
问题:现在我们想让公共访问源代码,以及Git存储库或至少让Git管理其他人对代码作出贡献的细节。
问题:会是什么
a)使用来自中央或所有存储库的证书删除文件,或者
b)建立一个新的Git仓库作为外部世界的'界面'?
如果选择(b),我们如何轻松地将变化传回主存储库?
由于已经广泛分布,我们真的不想做一个 git rebase 或者一个 git filter-branch 在每个当前的存储库上。
,但如果你想要删除这个文件,你会被困在运行 git filter-branch 来自主存储库的凭证。请参阅由GitHub的人撰写的删除敏感数据。
由于git的设计,无法强制现有的克隆从相应的历史记录中删除文件。
您可以清理单个文件分支,并将其作为未来开发的基础:
$ git checkout -b旧版主master
$ git过滤器-branch ... master
现在您需要将清理过的主人推送到新的回购站只包含干净的大师:
$ git push new-central master
现有回购可以添加新的远程和 git cherry-pick 将旧分支从新分支更改为新干净主分区。 p>
对于新的存储库,放置某种类型的存储库以防止有人将敏感数据发送给它,这样就不会再有同样的问题了。这种障碍可能是控制新中央存储库的人类,并审查所有补丁以确定进入的内容。
At first: This is (hopefully) no duplicate of this or this.
The current status: I committed a file with credentials for an internal database to my Git repository. This was fine, as I used it only alone. Then my group started to clone, push and pull around in this project. We now have several Git repositories (one central and some developers).
The problem: We now want to give public access to the source code, and to the Git repository or at least let Git manage the details of others contributing to the code.
The question: What would be a good strategy to
a) remove the file with the credentials from the central or from all repositories, or
b) set up a new Git repository as kind of 'interface' to the outer world?
If choosing (b), how could we easily communicate changes back to the main repository?
Due to the already widespread distribution, we'd really like to not do a git rebase or a git filter-branch on each and every current repository.
Sorry, but you're stuck with running git filter-branch if you want to delete the credentials from the main repository. See Removing sensitive data, written by the folks at GitHub.
Due to git's design, there's no way to force existing clones to delete the file from their respective histories.
You could sanitize a single branch and make it the basis for future development:
$ git checkout -b old-master master
$ git filter-branch ... master
Now you'd need to push the sanitized master to a new repo that contains only the clean master:
$ git push new-central master
Existing repos can add the new remote and git cherry-pick changes from their old branches over to the new clean master if necessary.
For the new repository, put some sort of barrier in place to prevent someone pushing sensitive data to it so you don't have the same problem all over again. This barrier might be a human being who controls the new central repository and reviews all patches to decide what goes in.
这篇关于Git:从存储库中删除凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
