1

I have a public repo (that I'd like to keep public), but with submodules for private repos. I deploy to Heroku (which is a flexible point - I'm more than happy to consider other PaaS's if it will resolve this issue) and I've been running into problems pushing my submodules - the error message looks like this.

Heroku gives you a way to add private module dependencies, but that involves putting my password in a plain text .gitmodules file, which obviously isn't a great thing to do, especially for a public repo.

Short of symlinking those private repos to directories within my project - which I will probably do if there is no other sensible solution - what else can I possibly do to (a) keep my public repo public, (b) keep my private submodules private, and (c) not expose my private repo password in my public repo?

Community
  • 1
  • 1
3cheesewheel
  • 9,133
  • 9
  • 39
  • 59

1 Answers1

0

No need to embed the username and password into the repository URL.

You can encrypt all the different credentials into one ~/.netrc.gpg, and declare a credential helper that will make git find the right credentials for the right repos.

git config --local credential.helper "netrc -f /path/to/.netrc.gpg -v"

See "Is there a way to skip password typing when using https:// github".
As I mention in "Configure Git clients, like GitHub for Windows, to not ask for authentication", this even is compatible with the recent two-factor authentication of GitHub.

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250