Question

This question doesn't really pertain specifically to Git. I have some code that I'm pushing to a public repository, and all but a few lines are private. Specifically, there's a file that includes credentials for sending mail via SMTP, and I'd like to leave that out.

What are the best/popular solutions to this? Is there something fancy I don't know about like some private after-push hook? The only solution I have in mind is to put all these sensitive variables in a class and simply not add that class to Git.

Solution

> The only solution I have in mind is to put all these sensitive variables in a class and simply not add that class to Git.

Yes, that's how to do it. Or better yet, leave credentials out of your code entirely, and put them in a configuration file (which you don't check into Git). The key part of this is "don't check it in to Git", at least, not if you want to share your repository.

Be warned that if you ever did check in those credentials, and you publish the repository, someone can look through history to find them. There are ways to scrub sensitive data from the repository history but it can be tricky to get it right.

OTHER TIPS

In my opinion, the only correct solution for private data like credentials and other comparable settings is to store them in configuration files, which shall not be stored in any public repository. But publish some commented default configuration file without any credentials.
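The approach both answers describe (an untracked configuration file plus a published default without credentials), sketched as an added example that is not part of the original answers. The file names `smtp.ini` and `smtp.ini.example`, the `CHANGE_ME` placeholder and the permission check are assumptions made for illustration.

```python
import configparser
import os
import stat
from pathlib import Path

# Constructed template: committed as smtp.ini.example (hypothetical name).
# The real smtp.ini is listed in .gitignore and never added to the repository.
TEMPLATE = """\
[smtp]
host = smtp.example.com
port = 587
username = CHANGE_ME
password = CHANGE_ME
"""
REQUIRED = ("host", "port", "username", "password")


def write_template(path):
    """Create the placeholder-only file that is safe to publish."""
    Path(path).write_text(TEMPLATE)


def load_smtp_settings(path):
    """Read the untracked config file; reject missing or placeholder values."""
    path = Path(path)
    if not path.is_file():
        raise FileNotFoundError(f"{path} not found; copy the .example file and fill it in")
    # Assumption: on POSIX the secrets file should be private to its owner.
    if os.name == "posix" and path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to other users; chmod 600 it")
    # interpolation=None so a '%' inside a password is read literally.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    if not parser.has_section("smtp"):
        raise ValueError(f"{path} has no [smtp] section")
    section = parser["smtp"]
    unset = [k for k in REQUIRED if section.get(k, "CHANGE_ME") in ("", "CHANGE_ME")]
    if unset:
        raise ValueError(f"unset values in {path}: {', '.join(unset)}")
    return {
        "host": section["host"],
        "port": section.getint("port"),
        "username": section["username"],
        "password": section["password"],
    }
```

Running `git check-ignore -v smtp.ini` in the working tree confirms that the ignore rule actually matches the real file before the first push.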

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow