0

For example, I am developing a PHP website with CodeIgniter framework which requires my hashing key to be placed in the Application/config/config.php file. I certainly don't want to push my website's hashing key to GitHub, but still I want to push other configuration settings like the locale, charset etc.

What is the best way to deal with a situation like this?

  • 1
    Create a single file with the private stuff and put its name into the `.gitignore` file – ByteHamster Jan 10 '18 at 06:51
  • create `config.php.dist` file with configuration structure, but without real values (with some dummy values) and push it to git, and .gitignore real `config.php` file – ArtOsi Jan 10 '18 at 06:52
  • Possible duplicate of [What is .gitignore exactly?](https://stackoverflow.com/questions/27850222/what-is-gitignore-exactly) – Abdulla Nilam Jan 10 '18 at 06:54
  • The main goal should be to publish your code in the repository without force other authors to have neither the same settings nor to refactor code for an running environment. Generally the best way, afaik, is to use .env-files for global configs like databasepassword. Then you should be able to use let the existing config as it is and overwrite them with your custom global config. Every authjor CAN overwrite the settings but dont have to – Spears Jan 10 '18 at 06:55
  • @unherz but I am using a framework i.e. CodeIgniter, how can I do that? –  Jan 10 '18 at 07:13
  • @ByteHamster How can I do that in a framework like CodeIgniter? I guess you are suggesting me to hack the code of CI. –  Jan 10 '18 at 07:14

3 Answers3

1

You can create a .gitignore file and add the path to files that you think you need not push to GIT. See this Atlassian manual for more information.

Now, your .gitignore file should have:

Application/config/config.php
Thamilhan
  • 13,040
  • 5
  • 37
  • 59
  • But this will prevent the whole file from being pushed to server, I want only some certain configurations to be pushed, and not the others. –  Jan 10 '18 at 07:09
  • @SnehanshuPhukon Have you checked [this](https://stackoverflow.com/a/16244970/5447994)? I haven't worked on it, but still appears to work! – Thamilhan Jan 10 '18 at 07:14
1

You have 2 possibilities, a good and a not so good depending if your framework or language is able to do the first one.

The good:

  • Keep all your config except the sensitive ones in config.php
  • put the sensitive config in a config.user.php file (that you put in .gitignore). You could create and commit a config.user.template.php to help other users if the format is complex.
  • find a way to include this file in the first one or read yourself the configuration contained in config.user.php
  • then you could freely update and commit changes in your config due to the segregation.

The not so good one:

  • put config.php file in .gitignore
  • Create and commit a config.template.phpcontaining the config (without the sensitive data)
  • Each developper has to create and keep up to date config.php from config.template.php (it's a little painful)
Philippe
  • 28,207
  • 6
  • 54
  • 78
0

There are few ways to do it:

.gitignore

.gitignore is a simple text file which contains list of files which git ignore.
Every file/pattern is written on a single line and the file can be place in your root folder of your project or in any inner folder as well.

When placed in your root folder it can ignore any files/folder i any subfolders.

In case you need to keep certain file or folder you cant add the ! before the phrase.

assume-unchanged

The assume-unchanged tells git to ignore any local changes made to a given file. In your case same the file with the default or empty values and raise the unchanged flag. git will ignore any changes made so the file will not be added to your repository.

enter image description here

smudge-clean

This hidden feature of git allow you to control which content is added and pulled out from the repository which allow you to control the content of any given file.

enter image description here

git hooks

Read here this full answer on how to do it.

What are some more forceful ways than a .gitignore to keep (force) files out of a repo?

CodeWizard
  • 128,036
  • 21
  • 144
  • 167