2

Let's say my remote project has a file, database.php, with database connection info as an array.

I want to include the file in my repo, but redact its contents. You could say I want the physical file (the shell) to be in the repo but not the content.

The idea then would be that developers who clone my repo (to work on it via localhost) fill in their own, localhost DB credentials and don't see my server DB credentials.

Is there any way Git supports this sort of thing, or is my thinking way off?

Right now the only thing I've come up with is to keep the sensitive file out of the repo, and tell my developers to make their own one for local use, and never git add it.

jonrsharpe
  • 115,751
  • 26
  • 228
  • 437
Mitya
  • 33,629
  • 9
  • 60
  • 107
  • 3
    The convention is to include e.g. database.template.php for people to copy and fill in the actual details. – jonrsharpe Jul 28 '19 at 14:17

2 Answers2

1

by using Linux server, you can use database-prod.php with symlink to database.php, and insert database.php to .gitingnore

Moshe Fortgang
  • 711
  • 4
  • 18
  • Thanks, but I'm unfamiliar with symlink. Could you elaborate? – Mitya Jul 30 '19 at 11:19
  • For example, `ln -s database-prod.php database.php`. You can check this post:https://stackoverflow.com/questions/1951742/how-to-symlink-a-file-in-linux – Moshe Fortgang Jul 30 '19 at 12:03
1

A possible approach here would be to have your "physical" file generated only when it is on the remote server. You could use environment variables for this; You would read them into variables:

# database.php
$user = getenv('DB_USER');
$password = getenv('DB_PASSWORD');

When you deploy your application to your servers, you'll need to make sure that the correct environment variables are set (take a look at your hosting providers documentation regarding this).

For a linux based server, you can create the environment variables like this:

export DB_USER="my-user"
export DB_PASSWORD="Correct Horse Battery Staple"

Now you can commit your "sensitive" file to github because it doesn't actually contain any data - only placeholders. Your sensitive data will only ever exist in environment variables on the remote host.

This approach also allows you to have different database credentials for different environments without needing to change your code. You will only need to change the environment variables depending on where your application is running - local/staging/production.

Lix
  • 47,311
  • 12
  • 103
  • 131
  • Thanks. Sounds a little more involved and outside of my comfort zone than I was hoping, but I'll have a look into it. – Mitya Jul 30 '19 at 11:20