2

I was wondering if there is a way to restrict some files from ever being pushed to a git repo?

I have a file with username and password information that I want to make sure will never get pushed to my repo for obvious reasons.

I am using git for my version control. I was wondering if it is possible to have git not allow my file "passwords.txt" to be uploaded to my repo. So if I were to accidentally add, commit, and push the file it would throw an error saying something like "Cannot push passwords.txt to the repo."

Is this possible, or do I just need to be very carful when adding and committing my files?

user1334858
  • 1,885
  • 5
  • 30
  • 39

2 Answers2

4

It is simply too risky to try and never push the file.

Make sure your password.txt is not versioned (git rm --cached, and added to the .gitignore)

Then you can register a smudge script, which will generate the file with sensitive information on git checkout.

That is part of a content filter driver, using using .gitattributes declaration.

enter image description here (image from "Customizing Git - Git Attributes", from "Pro Git book")

That 'smudge' script( that you have to write) would need to:

  • fetch the right values (from a source outside the repo, that way no risk to add and push by mistake)
  • generate the password.txt, using a tracked manifest template password.txt.tpl with placeholder value in it to replace.

That means:

  • the template password.txt.tpl is added to the git repo
  • the generate file password.txt is declared in the .gitignore file and never versioned (and never pushed).
Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
3

In your project folder, create a .gitignore file.

Then in the file, insert this line: 

passwords.txt

The .gitignore file will tell Git what to ignore.

You can ignore files and folders.

If you've accidentally committed the passwords.txt before, tell Git to exclude it from now on with this command:

git rm --cached passwords.txt

Running git status will show passwords.txt as an untracked file so it won't be included in future commits - so keep the .gitignore file updated.


To see usage patterns, you'd want to reference the gitignore manual.

See more use cases at github octocat and gitignore.io

pyfork
  • 3,747
  • 2
  • 21
  • 18
  • however, if you don't realize, you accidentally added the ```passwords.txt``` it will still be pushed to the repository – hardmooth Feb 11 '21 at 09:32