0

I created a configuration file in my Kohana project that stores the OAuth access tokens and secret keys for an API in application/config.

I now want to push my code to GitHub but I don't want to expose tokens/keys on GitHub. I know with CodeIgniter, all I need to do is put these sensitive files in the application/config/development directory, set my .gitignore file to ignore the development directory (*/config/development), push my code to the remote, and continue working with my config details in the development directory.

Is there something similar or specific when working on a Kohana project? Should I just create a rule in the .gitignore file that ignores application/config?

random
Anthony

1 Answer

2

You can go about this in at least two ways:

  • track a sample, munged version of the configuration file, ignoring the actual version
  • commit a munged version of the configuration file and then ignore it from future tracking

Track munged sample version

Put the configuration files explicitly in .gitignore (no wildcards, e.g. /config/database.php). Create a copy that has the same contents, except that the keys and other sensitive data are replaced with NULLs or XXXs, save it as a file like /config/database-sample.php, and track, commit and push that.

Maybe even using symbolic links between the two.

Ignore with munging

Or you can commit a munged version, push that, then drop it from the index with --assume-unchanged:

git update-index --assume-unchanged <file>

Any changes now to the file will not be seen by Git and you can then edit back in the keys.

In both methods you keep the structure of the project files (roughly) available for others to clone and edit as necessary for their local or development repo without having to guess that there are holes to fill.

Community
random
  • +1 Yes, thank you very much. I loved the first option and will use this. I need to reread the second option and understand it better. Thank you very much! – Anthony Sep 18 '13 at 04:50
  • 1
    With the second option, you commit it the first time with fake values, and after you have that version, you tell Git to ignore any more changes to it. That means whatever future edits you make will not be seen by Git. Is that any clearer? – random Sep 18 '13 at 04:54
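
Both approaches from the answer, run end to end in a throwaway repository, as an added example that is not part of the original answer. The file names (oauth.php, oauth-sample.php) and the key value are constructed placeholders. It prints what a push would publish under the first option and what Git reports after the key is edited back in under the second.

```shell
# Added example. Paths and key values are constructed placeholders.
CFG=application/config/oauth.php            # hypothetical config file name
SAMPLE=application/config/oauth-sample.php  # hypothetical placeholder copy
REAL_KEY=constructed-real-key               # stands in for a real secret

g() { git -c user.name=demo -c user.email=demo@example.invalid -c commit.gpgsign=false "$@"; }

new_repo() {  # create a throwaway repository and cd into it
  repo=$(mktemp -d) && cd "$repo" && g init -q . && mkdir -p application/config
}

write_cfg() {  # write_cfg <file> <key-value>
  printf "<?php return array('secret' => '%s');\n" "$2" > "$1"
}

# Option 1: ignore the real file by exact path, track a placeholder copy.
option_sample_file() (
  new_repo
  printf '/%s\n' "$CFG" > .gitignore
  write_cfg "$SAMPLE" XXX
  write_cfg "$CFG" "$REAL_KEY"
  g add -A && g commit -q -m 'Add sample config'
  g ls-tree -r --name-only HEAD | tr '\n' ' '   # what a push would publish
  cd / && rm -rf "$repo"
)

# Option 2: commit placeholders, then hide later edits with --assume-unchanged.
option_assume_unchanged() (
  new_repo
  write_cfg "$CFG" XXX
  g add -A && g commit -q -m 'Add config with placeholder values'
  g update-index --assume-unchanged "$CFG"
  write_cfg "$CFG" "$REAL_KEY"             # edit the real key back in
  status=$(g status --porcelain)           # empty: the edit is not reported
  flag=$(g ls-files -v "$CFG" | cut -c1)   # lowercase letter marks the bit
  if g grep -q "$REAL_KEY" HEAD; then leaked=yes; else leaked=no; fi
  printf 'status=[%s] flag=%s leaked=%s\n' "$status" "$flag" "$leaked"
  cd / && rm -rf "$repo"
)

option_sample_file; echo
option_assume_unchanged
```

The assume-unchanged bit is stored in the local index only, so every clone has to set it again; `git ls-files -v` lists flagged files with a lowercase letter.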