Is it safe to keep sensitive data in branches that are not pushed?


Problem description


Suppose I am working in git and I make a branch called sensitive and commit sensitive data (e.g. passwords, keys) in sensitive. I never commit sensitive data in master, and I never merge sensitive into master, but I do pull master into sensitive. When I git push origin master, is there any danger that I will push blobs of sensitive data to the server?

Solution

Your question is about Git but, in fact, your problem is a different one. And it has (at least) one solution.

1. Put the sensitive data in a file named, let's say, config and add its name (and path) to .gitignore.
2. Create a duplicate of this file, let's name it config.dist, replace the sensitive data with dummy data and add it to the repository (it must never contain sensitive data). Explain in the header of the file that it must be copied as config and customized.
3. Let the code load its configuration from config. For bonus points, you can let it load config.dist if config is not available.
4. Commit and push.

The file config.dist works as a template for the actual config file that is never stored in the repo. Each developer can customize their config file as they need/want. Let config/config.dist contain all the information that changes from one system to another or might change during the lifetime of the project (file paths, database connection parameters, passwords etc.)

To answer your question, the solution presented above is 100% safe (human errors aside). Since the config file never reaches the repo, no matter how Git works internally, the sensitive data will never be pushed to a remote repo.
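The four steps above as a shell sketch, with a check that guards against the human error the answer mentions. This is an added example, not part of the original answer: the function names, the sample values and the commit identity are constructed, and only the file names config and config.dist come from the answer.

```shell
#!/bin/sh
# Added example; config and config.dist follow the answer, values are constructed.

# setup_repo DIR: apply steps 1, 2 and 4 of the answer in a fresh repository.
setup_repo() {
    git init -q "$1" || return 1
    (
        cd "$1" || exit 1
        # The real file holds the secret and is never added to the repository.
        printf 'db_password=constructed-secret\n' > config
        # The template carries dummy data and a header explaining its use.
        printf '# Copy this file to "config" and customize it.\ndb_password=CHANGE_ME\n' > config.dist
        printf '/config\n' > .gitignore
        git add .gitignore config.dist
        git -c user.name=example -c user.email=example@example.invalid \
            commit -q -m 'Add config template'
    )
}

# config_path DIR: step 3, prefer config and fall back to the template.
config_path() {
    if [ -f "$1/config" ]; then echo "$1/config"; else echo "$1/config.dist"; fi
}

# check_secret_file DIR FILE: succeed only if FILE is ignored, is not in the
# index, and was never committed on any branch or tag.
check_secret_file() {
    (
        cd "$1" || exit 1
        git check-ignore -q -- "$2" || { echo "$2 is not ignored" >&2; exit 1; }
        if git ls-files --error-unmatch -- "$2" >/dev/null 2>&1; then
            echo "$2 is tracked" >&2; exit 1
        fi
        if [ -n "$(git log --all --format=%H -- "$2")" ]; then
            echo "$2 appears in history" >&2; exit 1
        fi
    )
}
```

Running check_secret_file before each push (for example from a pre-push hook) catches a config that was force-added despite the .gitignore entry.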
