7

I have a Ruby on Rails application that I am trying to host on Heroku. I would also like to use a GitHub public (free) repository to track changes. I need to check in a file containing passwords to the Heroku remote repo, but ignore the file so I don't check it in to GitHub. Is there a way I can add the file to one repo, and ignore it from another?

Update: I figured out how to solve my immediate problem of storing passwords in Heroku by using Heroku Config vars. However, I'm still interested in the concept of pushing a file to only specified repos.

Andrew
  • I'm not familiar with Heroku, but couldn't you just manually copy the file to the Heroku server, and leave it out of version control entirely? – David Z Jul 13 '10 at 04:18
  • to "deploy" to Heroku, you add your Heroku git repo as a remote, and run "git push heroku master" to push your changes to Heroku. So, it needs to be checked in in order to push the file to Heroku. (or at least this is my understanding) – Andrew Jul 13 '10 at 04:29

2 Answers

3

As VonC mentioned, the best (and least error-prone) bet is to keep sensitive config info out of Git and put it in environment variables on your server. Here are instructions for how to do so on Heroku:

http://docs.heroku.com/config-vars

See also the linked questions.

Aidan Feldman
1

What you could do is to add to the GitHub repo a smudge script (filter driver) which will:

  • test for the existence of a private branch
  • check out the password file from that branch


Since that private branch would only exist on the Heroku repo, the smudge script wouldn't do anything on the GitHub repo side.
But once pushed to the Heroku side, if a hook is checking out a working directory on the Heroku server, then that same filter driver will kick in and generate the sensitive file.

That being said, it is best for such a sensitive file to never be versioned in any Git repo, but rather be stored elsewhere.
The smudge script, rather than testing some Git repo content (like a private branch), would then test for an external repo (an ssh ftp, a Nexus repo, any other data referential out there where you chose to store that private information), extract the right content and generate the file.

Community
VonC
  • This answer explains how to simply use a private heroku branch: http://stackoverflow.com/questions/3221657/how-can-i-upload-my-application-to-github-but-remove-sensitive-authorization-info/3223543#3223543 – igorw Jul 13 '10 at 09:23
  • 1
    @evil3: I see, but I won't trust a solution involving "never push branch xxx to repo yyy". It will work ok, until that day... where it is pushed anyway (by mistake). I really am more comfortable with any kind of sensitive information *outside* of any Git repo. – VonC Jul 13 '10 at 10:18
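
The filter driver described in VonC's answer, as an added example that is not part of the original answer or comments. The branch name `private`, the path `config/passwords.yml`, the filter name `secret` and the script name are assumptions; the clean half goes beyond the answer by staging only a placeholder, so the generated file cannot be committed back through that path.

```shell
#!/bin/sh
# secret-filter.sh: added example, not code from the answer.
# Assumed names: branch "private", file config/passwords.yml, filter "secret".
#
# Setup in a clone (the script path is a placeholder):
#   echo 'config/passwords.yml filter=secret' >> .gitattributes
#   git config filter.secret.smudge '/path/to/secret-filter.sh smudge'
#   git config filter.secret.clean  '/path/to/secret-filter.sh clean'
# The real file is committed on the private branch from a clone where
# filter.secret.* is not configured (an undefined filter is a no-op).

SECRET_BRANCH="${SECRET_BRANCH:-private}"
SECRET_PATH="${SECRET_PATH:-config/passwords.yml}"
PLACEHOLDER='# placeholder: real values are filled in at checkout'

# smudge: run by Git on checkout. stdin is the committed blob,
# stdout becomes the working-tree file.
smudge_secret() {
    if git rev-parse --verify --quiet "refs/heads/$SECRET_BRANCH" >/dev/null 2>&1 &&
       git cat-file -e "refs/heads/$SECRET_BRANCH:$SECRET_PATH" 2>/dev/null; then
        cat >/dev/null    # drain the committed placeholder from stdin
        git show "refs/heads/$SECRET_BRANCH:$SECRET_PATH"
    else
        cat               # no private branch here: keep the file as committed
    fi
}

# clean: run by Git on "git add". Whatever the working-tree file holds,
# only the placeholder is staged.
clean_secret() {
    cat >/dev/null
    printf '%s\n' "$PLACEHOLDER"
}

# Dispatch on the argument Git passes via the filter.secret.* settings.
case "${1:-}" in
    smudge) smudge_secret ;;
    clean)  clean_secret ;;
esac
```
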