2

Is there any good way to handle permission to single files in git repository?

I have .net project which I want to share with my team. What I don't want to share are connection strings to production db, storage and so on.

I know I could create new branch with these files, but it's getting much more complicated.

Ari
  • 3,101
  • 2
  • 27
  • 49

2 Answers2

1

You shouldn't add sensitive data to your repository to start with. Instead, add the respective filenames to .gitignore so you never accidentally commit them.

If you really have to have the files in the repository, use a githook to encrypt the files before committing and decrypt on checkout only if the correct key is present. Here's a starting point for that. edit In case you really want to do this, git-crypt sounds helpful

Tobias Kienzler
  • 25,759
  • 22
  • 127
  • 221
1

The real answer is that you should not have any sensitive data embedded in your code like this. Connection strings should be read at runtime from some configuration storage (of any like, be in app.config or an INI-file or whatever else), and if you settle on configuration files, you should only keep in the repository samples for these files which are for the reference only.

kostix
  • 51,517
  • 14
  • 93
  • 176
  • configs are files I am talking about. I don't want to store them in my personal computer only. I'd like to be able to manage permissions for these files. If I need to update production environment I just merge git and publish it. – Ari Aug 06 '13 at 10:39
  • @Ari As kostix and I stated, a repository should _never_ contain sensitive data, and the only permission-like thing you can do with git is using e.g. gitolite to make certain branches only available to a limited set of users. There is no way to "hide" files in a commit from specific users, since the absence of these files would yield a different commit id. – Tobias Kienzler Aug 06 '13 at 13:32
  • 1
    @Ari, Git is not a deployment tool. But even if you're using it like this, what's the problem with not keeping sensitive ("real") configuration file in the repository? Just make your production system have them in place and teach your code to find them at runtime. What's the problem, really? – kostix Aug 06 '13 at 16:55
  • @kostix I need to keep these files somehow. Repo seems to be a good place. – Ari Aug 06 '13 at 21:14