从git存储库保密的最佳做法是什么? [英] What is best practice for keeping secrets out of a git repository?
问题描述
考虑将此文件树作为我的开发存储库。
$ p>- foo /
- .git /
- [...]
- bar /
- backupclient.py
- supersecretstoragecredentials。 ini
对于开发, supersecretstoragecredentials.ini 需要使用有效凭证填写 - 但我仍然需要在存储库中保留一个干净的版本,以便其他用户可以轻松设置其凭据。
可能的解决方案
-
.gitignoresupersecretstoragecredentials.ini并创建一个supersecretstoragecredentials.ini-example,
- 指示用户复制
supersecretstoragecredentials.ini-example至supersecretstoragecredentials.ini。
- 指示用户复制
- 在
backup.py中添加一个覆盖配置文件位置,它是被git忽略,例如supersecretstoragecredentials_local.ini。
正如 kan 所指出的那样,这两种解决方案是类似的,但不完全相同,工作流程明智。 / em>
是否有其他选择? git 是否拥有某种功能来帮助解决此类问题?
<使用一些占位符值检查supersecretstoragecredentials.ini文件,然后
git update-index --assume-unchanged supersecretstoragecredentials。 ini
Git不会跟踪此文件的未来更改。
您可以使用
git update-index - no-assume-unchanged supersecretstoragecredentials.ini
Problem
Consider this file tree as my development repository.
- foo/
- .git/
- [...]
- bar/
- backupclient.py
- supersecretstoragecredentials.ini
For development, supersecretstoragecredentials.ini needs to be filled in with valid credentials - while I still have to keep a clean version of it in the repository so that other users can easily set their credentials.
Possible solutions
.gitignoresupersecretstoragecredentials.iniand create asupersecretstoragecredentials.ini-example,- instruct the user to copy
supersecretstoragecredentials.ini-exampletosupersecretstoragecredentials.ini.
- instruct the user to copy
- Add an overriding config file location in
backup.pywhich is ignored by git, e.g.supersecretstoragecredentials_local.ini.
As kan pointed out, these two solutions are similar but not entirely the same, workflow-wise.
are there any other alternatives? Does git possess some kind of functionality to assist with this kind issues?
Check in the supersecretstoragecredentials.ini file with some placeholder values and then
git update-index --assume-unchanged supersecretstoragecredentials.ini
Git will not track future changes to this file.
You can reset this using
git update-index --no-assume-unchanged supersecretstoragecredentials.ini
这篇关于从git存储库保密的最佳做法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
