How can I copy a git repo to another hiding sensitive data?

Time:08-09

I have a private git repo in my private server.

I want to copy a branch of the repo (including history) to the master branch of a public repo in GitHub or Bitbucket, but excluding some sensitive files (which include passwords and credentials).

What is the best case for this?

CodePudding user response:

Basic answer: You can't.

More precise answer: you can, but it's too hard; don't attempt it, as your secrets are likely to escape, and once they have escaped, closing the barn door afterward won't keep the horses in, because the horses have now been cloned. That is, you may see that things are fine in your own repository, but the secrets were copied, and you don't know if the copies have been copied and widely distributed.

Your best bet here is to split things up:

  • In your Git repository (or your first one), you keep things—contents—that aren't damaging if copied.

  • In your secrets-vault (or second Git repository that you control very, very tightly), you keep the secrets—preferably encrypted, if they're all that sensitive.

You then need not worry about the Git repository (or the first one). You do have to structure your software so that the fact that there's one repository, and a separate secrets-vault, is not a problem.

If your problem is now that you have a repository in which the secrets are intermingled with the non-secrets, you will need to build a new, carefully-controlled, separated repository where this is not the case. Consider the git filter-repo program for this task. Inspect the new repository extremely carefully to make sure no secrets have leaked into it.
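One way to do the inspection step from the answer above, as an added example that is not part of the original answer: the function walks every object reachable from any ref in the rewritten repository and reports forbidden paths or secret strings, including ones in commit messages. The function name `audit_history`, the two list files and the path in the `git filter-repo` comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a rewritten repository before its first public push.
# The rewrite itself would be run in a fresh clone, for instance:
#   git filter-repo --invert-paths --path config/secrets.env   # placeholder path
#
# audit_history REPO PATHS_FILE PATTERNS_FILE
#   PATHS_FILE     one forbidden path per line, exactly as git stores it
#   PATTERNS_FILE  one fixed string per line (no blank lines) that must not
#                  appear in any file version, tree listing or commit message
# Returns 0 when nothing is found, 1 on any hit.
audit_history() {
    local repo="$1" paths="$2" patterns="$3" hits=0 objs
    objs=$(mktemp)
    # Every object reachable from any ref, one per line: "<sha> [<path>]"
    git -C "$repo" rev-list --all --objects > "$objs"

    # 1. A forbidden path that exists in any commit, even if deleted later.
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        if awk -v p="$p" '{ sub(/^[0-9a-f]+ /, "") }
                          $0 == p { found = 1 }
                          END { exit !found }' "$objs"; then
            echo "PATH still in history: $p"
            hits=1
        fi
    done < "$paths"

    # 2. A secret string inside any object. Commits and trees are scanned
    #    too, so a password pasted into a commit message is also caught.
    while read -r sha rest; do
        if git -C "$repo" cat-file -p "$sha" | grep -a -q -F -f "$patterns"; then
            echo "SECRET in $(git -C "$repo" cat-file -t "$sha") $sha ${rest:-(no path)}"
            hits=1
        fi
    done < "$objs"

    rm -f "$objs"
    return "$hits"
}
```

Run it against the filtered clone before any public remote is added, and treat a non-zero return as a reason not to push.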
