3

I wonder if my developer certificate or private key (or anythings that is my private identities) are stored in the git when I just commit and push them without .gitignore file.

If it is, how can I remove them or prevent the situation when creating a new repository.

** When I delete a local project and clone the whole new project from git, my code signing is still the same.

I've read this link: Git ignore file for Xcode projects but it seems they don't even care about any code signing or I just worry about it too much?

Community
  • 1
  • 1
OffCS
  • 441
  • 3
  • 15
  • It seems like they could be if the files are anywhere in the subdirectory trees of your projects. You can't "remove them" if someone has cloned your repository already; if you suspect a breach, make new ones. Private keys for SSH are ordinarily stored in `.ssh` under your Home folder so they're out of the way; my advice is to keep all important files in places like that (i.e. directories that have restricted permissions, located in parallel with but *not inside* the areas where you check out code). – Kevin Grant Jul 19 '12 at 05:31

2 Answers2

0

If those certificate or keys were stored in your local repo, they could be added and committed (and then pushed) by git.

But reading "Getting “A valid signing identity matching this profile could not be found in your keychain” warning", I don't think they are store in any repo at all.
They are in a keystore or keychain of a browser (preferably a safari one), and have nothing to do with your repo. Same for private ssh keys (~/.ssh).

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
0

Thanks to Ray Wenderlich for the deep details about the code signing process of iOS.

It said that any private identities are not included in the project (and thanks to VonC). So, don't worry about publishing your private identities on a public git repo, anyway, using .gitignore which was discussed here is a good practice.

Thank you all.

Community
  • 1
  • 1
OffCS
  • 441
  • 3
  • 15