1

For security reason I can't put a file in .gitignore, but so often I just do git add .. Now what I do is just copy the file into my private notepad, reusing it so that I don't push it to my repo. Is there any better solution than that?

Alicia Y
  • 367
  • 5
  • 12
  • Would using something like a keyring be an option? – BeRT2me Apr 18 '22 at 05:36
  • 1
    What are the security reasons that you can't put a file in `.gitignore`? The whole point of `.gitignore` is to prevent committing files which have sensitive data. If the file name reveals sensitive information, can you just change the name? – Code-Apprentice Apr 18 '22 at 05:44
  • 3
    Does this answer your question? [How do you make Git ignore files without using .gitignore?](https://stackoverflow.com/questions/653454/how-do-you-make-git-ignore-files-without-using-gitignore) – Code-Apprentice Apr 18 '22 at 05:44

2 Answers2

2

The best solution if you can is to have the actual key outside of the repository:

  • no .gitignore needed,
  • no git update-index --assume-unchanged file.txt. trickery,
  • no add/commit/push by mistake possible of the sensitive file.

You would reference that external file either through:

  • a program modification to look for the file through a relative path (../secret_file), or an environment variable (suggestion from Code-Apprentice)
  • or through a symlink (which can be versioned), again referencing as a target a relative path (../secret_file)
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
1

You can Ignore local changes to tracked files: git update-index --assume-unchanged file.txt.

A question similar to yours was asked before on another thread, maybe something else here can help you if the above solution doesn't do the work: How do you make Git ignore files without using .gitignore?

Or this other link has information that can be useful: Exlude files from git commit

Alternatively, if you're using GitHub and don't mind using the desktop application you can just unselect the file you don't want to commit and then push everything, instead of doing everything on the console/terminal. But I know not many people like this approach, so... just another solution.

Daeaznar
  • 23
  • 7