Tags: git, version-control, branch, sensitive-data

Safe to Git commit passwords to a branch that never gets pushed?


If I have two branches, master & secret, and I commit sensitive data into secret but never push secret, only push master to a public repo, and I never merge between them, only rebase secret, is there any chance my sensitive data could end up in the remote repository index somehow?

Use-case: I keep my ~/.config directory of all my machines in a public Git repository. However, there are some programs which need passwords and aren't able to use environment vars. My idea is keeping different branches for sensitive data for each machine, and using git hooks to deny sensitive data into branch master, and disallow pushing machine branches publicly. But I'm worried


Solution

  • You have to be exceedingly careful to make sure your secret bits are not pushed to the remote repository. For example, if you merge from secret to master or accidentally push secret, they get out. See How to disable git push when there are TODOs in code? for implementing the policy with a hook, but a hook can fail its intended purpose too.

    Even though, yes, it is technically possible to keep secret bits secluded in your own local git repository, I recommend leaving sensitive data out of your repository completely and instead placing them in configuration or source files, possibly excluded in .gitignore depending on their respective locations.
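The answer points at a hook as the way to implement the "never push the secret branch" policy and warns that a hook can fail its purpose. The following script is an added example, not code from the question, the answer or the linked post, showing what such a hook looks like: one function refuses any push that names a branch in a blocked list (installed as `.git/hooks/pre-push`, which git feeds one `<local ref> <local sha> <remote ref> <remote sha>` line per ref on stdin), and one scans staged diff lines for credential-looking assignments before a commit lands on master (installed as `.git/hooks/pre-commit`). The branch names, the regex heuristic and the `case` on the script's own filename are assumptions of this example. Note the limits the answer alludes to: hooks are local, are skipped by `git push --no-verify`, and do nothing against a merge from secret into master followed by a push of master, so they reduce the chance of an accident rather than guarantee anything.

```shell
#!/bin/sh
# Example git hooks for the scheme described above (added illustration,
# not from the original question or answer). Assumed layout: branches in
# BLOCKED_BRANCHES are the per-machine secret branches that must never be
# pushed; PUBLIC_BRANCH is the one that goes to the public remote.

BLOCKED_BRANCHES="secret"   # space-separated list; assumed names
PUBLIC_BRANCH="master"

# Return 0 if the given full ref (e.g. refs/heads/secret) names a blocked branch.
ref_is_blocked() {
    ref="$1"
    short="${ref#refs/heads/}"
    for b in $BLOCKED_BRANCHES; do
        [ "$short" = "$b" ] && return 0
    done
    return 1
}

# pre-push logic: read "<local ref> <local sha> <remote ref> <remote sha>"
# lines from stdin; return 1 (and say why) if any line would push a blocked
# branch, either by local name or by the remote ref it targets.
check_push_refs() {
    status=0
    while read -r local_ref local_sha remote_ref remote_sha; do
        [ -z "$local_ref" ] && continue
        if ref_is_blocked "$local_ref" || ref_is_blocked "$remote_ref"; then
            echo "refusing to push blocked branch: $local_ref -> $remote_ref" >&2
            status=1
        fi
    done
    return $status
}

# pre-commit helper: scan unified-diff text on stdin and return 1 if any
# added line (leading '+', excluding the '+++' file header) looks like a
# credential assignment. The pattern is a deliberately simple assumed
# heuristic; a real deployment would tune it to the config files in use.
scan_for_secrets() {
    if grep -v '^+++' \
       | grep -E -i '^\+.*(password|passwd|secret|api[_-]?key|token)[[:space:]]*[=:]' >/dev/null
    then
        return 1
    fi
    return 0
}

# Dispatch on the hook name git invokes us under. When this file is run
# directly (not as a hook) neither branch matches and nothing happens.
case "${0##*/}" in
    pre-push)
        check_push_refs || exit 1
        ;;
    pre-commit)
        branch=$(git symbolic-ref --short -q HEAD)
        if [ "$branch" = "$PUBLIC_BRANCH" ]; then
            git diff --cached --unified=0 | scan_for_secrets || {
                echo "refusing commit on $PUBLIC_BRANCH: staged change looks like a credential" >&2
                exit 1
            }
        fi
        ;;
esac
```

To use it, copy the script to `.git/hooks/pre-push` and `.git/hooks/pre-commit` and make both executable; the per-machine branch names go in BLOCKED_BRANCHES. A test push of the secret branch against a throwaway remote is the quickest way to confirm the hook is actually wired up, since a hook that is not executable is silently ignored.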