Prevent your credentials from being committed to git

Sometimes you want to add local credentials to a configuration file without adding them to version control or you just want to make sure credentials dont get added to version control at all. Git filters can be used to filter out credentials.

A filter is just a simple pipe command which reads content from STDIN and outputs the filtered content to STDOUT.

An example filter script in ruby:

And the same example in perl:

It will replace most username fields in ini and yaml style files with ‘username’ and passwords with ‘secret’.

The next step is to define the a filter with this script in your global git config:

This will add a section with your filter script to the .gitconfig file:

The next step is to apply this filter in your git projects. This is done with git attributes. To filter yaml config files add the following line to .gitattributes in the root directory of your git repository:

Create the file if it does not yet exist. And commit it to the repository. If the filter is not configured in someone else git client it will be ignored.

Leave a Reply

Your email address will not be published. Required fields are marked *