Hiding GitHub token in .gitconfig

Question

I would like to store all of my dotfiles on GitHub, including .gitconfig which requires me to hide the GitHub token in the .gitconfig.

To do so I have a ".gitconfig-hidden-token" file which is the file I intend to edit and put under git that hides the token:

...
[github]
user = giuliop
token = --hidden--
...

And a shell script which I need to launch if I modify the ".gitconfig-hidden-token" file to create the ".gitconfig" file:

cp .gitconfig .gitconfig.backup
sed 's/--hidden--/123456789/' .gitconfig-hidden-token > .gitconfig

The drawback is the need to manually launch the script everytime I modidy the file. Is there a better, fully automated way to do this?

Dave Dopson · Answer 1 · 2014-03-19T23:45:13.873

40

I just fixed this up for myself. The "proper" way to solve the issue is to split your gitconfig into two files, a public one with the alias/config/etc, and a private file that keeps your username and secrets. Like so...

From https://github.com/ddopson/dotfiles ...

.gitconfig:

[include]
  # For username / creds / etc
  path = ~/.gitconfig.local

[alias]
  ...

.gitconfig.local:

[user]
  user = ddopson
  name = Dave Dopson
  email = ddopson@gmail.com
  token = a123uber456secret789ceprivate000key78

[credential]
  helper = osxkeychain

.gitignore:

/.gitconfig.local

edited Mar 19 '14 at 23:45

answered Nov 28 '12 at 22:28

Dave Dopson

41,600
19
95
85

1

If you keep your `.gitconfig.local` file in the same development directory as your dotfiles git repository, don't forget to add `.gitconfig.local` to your project's `.gitignore`. – Matthew Rankin Mar 07 '14 at 13:36

fge · Accepted Answer · 2011-12-14T14:32:35.677

10

Add your .gitconfig with git add -N.

Then git add -p it, edit the hunk, replace the token with anything, and push that. No need for an extra file this way.

Addendum: on additional modifications of your file, use git add -p again, and edit the hunk so that your initial manipulation not be overwritten.

edited Dec 14 '11 at 14:32

answered Dec 14 '11 at 14:07

fge

119,121
33
254
329

3

what happens if I edit the file subsequently and `git add` it forgetting the `-p`? I suppose the token would be published then – gws Dec 14 '11 at 14:40
@gws: indeed, but then you can (and should probably) use `git diff --cached` before committing, and in case of error, just `git reset` the file as well. – fge Dec 14 '11 at 14:46
3

I think the correct approach is to use `include` per the answer of @ddopson – Hedgehog Dec 03 '12 at 01:56

score 3 · Answer 3 · edited May 23 '17 at 11:46

3

You can now include another file in your gitconfig. You could put your github section in that extra file. See this question: Is it possible to include a file in your .gitconfig

edited May 23 '17 at 11:46

Community

1
1

answered Jun 21 '12 at 01:04

idbrii

10,975
5
66
107

Dennis · Answer 4 · 2013-05-10T07:41:47.133

1

I made a script to update my dotfiles repo, it also redacts sensitive information such as my github token. I don't think the github token is used by GitHub anymore though, but correct me if I'm wrong.

You can view my script here.

edited May 10 '13 at 07:41

answered May 27 '12 at 19:39

Dennis

56,821
26
143
139

Hiding GitHub token in .gitconfig

4 Answers4

Linked