问题
Suppoe I am working in git and I make a branch called sensitive and commit sensitive data (e.g. passwords, keys) in sensitive. I never commit sensitive data in master, and I never merge sensitive into master, but I do pull master into sensitive. When I git push origin master, is there any danger that I will push blobs of sensitive data to the server?
回答1:
Your question is about Git but, in fact, your problem is a different one. And it has (at least) one solution.
- Put the sensitive data in a file named, let's say,
configand add it's name (and path) to.gitignore. - Create a duplicate of this file, let's name it,
config.dist, replace the sensitive data with dummy data and add it to the repository (it must never contain sensitive data). Explain in the header of the file that it must be copied asconfigand customized. - Let the code load its configuration from
config. For bonus points, you can let it loadconfig.distifconfigis not available. - Commit and push.
The file config.dist works as a template for the actual config file that is never stored in the repo. Each developer can customize their config file as they need/want. Let config/config.dist contain all the information that change from one system to another or might change during the lifetime of the project (file paths, database connection parameters, passwords etc.)
To answer your question, the solution presented above is 100% safe (let apart the human errors). Since the config file never reaches the repo, no matter how Git works internally, the sensitive data will never be pushed to a remote repo.
回答2:
No, there is no danger. If you do not consider the sharing of sensitive data to all the people that can access to you repository.
来源:https://stackoverflow.com/questions/44236984/is-it-safe-to-keep-sensitive-data-in-branches-that-are-not-pushed