
Hide password when checking config file in git [duplicate]

This question already has answers here: Closed 12 years ago.

Possible Duplicates:

What is the best practice for dealing with passwords in github?

How can I track system-specific config files in a repo/project?

Hi,

I would like to hide

DATABASE_NAME = ''
DATABASE_USER = ''
DATABASE_PASSWORD = ''
DATABASE_HOST = '' 

Lines 13 to 17 of the default Django settings.py file when checking it in to GitHub.

I still want to check it in though, because I am adding modifications from time to time. I just want these four lines to always be set to empty.


You could also have an extra settings file which holds passwords and just import them in your main settings.py

For example:

settings.py

DATABASE_PASSWORD = ''

try:
   from dev_settings import *
except ImportError:
   pass

dev_settings.py

DATABASE_PASSWORD = 'mypassword'

And keep dev_settings.py out of revision control.


For my configuration files, I create a config.py-example and a config.py. config.py is ignored by the version control. When I deploy, I just copy config.py-example to config.py and update the passwords.


Unfortunately, that's not how Git works - either a file is in version control, or it isn't.

If you don't want the info in Github, then don't check it in. You could keep a copy of the config file in a separate (private) repository elsewhere if you wanted, though.


I would recommend keeping settings.py with those four lines exactly as you've shown them, and have a separate, tiny Python script to add and remove the four bits of secret information (reading them from a file that's not part of your git repository, but rather is safely and secretly kept -- in a couple of copies, for safety -- in very secure places).

You can have a presubmit check to make sure you never, ever push a settings.py that has not been shorn of the secrets (I don't know git enough to tell if it has "presubmit triggers" that can modify the repo, as well as presubmit checks that just check it, but, if it does, then clearly it may be more convenient for you to use said tiny Python script in such a trigger -- indeed, if that's the case, you might want to consider doing the removal/restoring of the secrets by using patch, and a simple diff file to use as its input, so you don't have to write even a line of script for the purpose).
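
The presubmit check described in the last answer, as an added example that is not part of any answer above. Git runs an executable .git/hooks/pre-commit before each commit and aborts the commit if it exits non-zero; the script assumes settings.py sits at the repository root, and its function names are hypothetical.

```python
#!/usr/bin/env python3
"""Pre-commit check: refuse to commit settings.py with filled-in DB secrets."""
import ast
import subprocess
import sys

# The four settings named in the question; each must be committed as ''.
SECRET_NAMES = {"DATABASE_NAME", "DATABASE_USER", "DATABASE_PASSWORD", "DATABASE_HOST"}
SETTINGS_PATH = "settings.py"  # assumption: settings.py sits at the repo root


def find_unblanked_secrets(source):
    """Return sorted names from SECRET_NAMES assigned anything other than ''."""
    leaked = set()
    # ast.walk also reaches assignments nested inside if/try blocks.
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id in SECRET_NAMES:
                value = node.value
                blank = isinstance(value, ast.Constant) and value.value == ""
                if not blank:
                    leaked.add(target.id)
    return sorted(leaked)


def staged_source(path):
    """Read the staged (index) version of path, or None if it is not staged."""
    result = subprocess.run(["git", "show", ":" + path], capture_output=True, text=True)
    return result.stdout if result.returncode == 0 else None


def main():
    source = staged_source(SETTINGS_PATH)
    if source is None:
        return 0  # nothing staged under that path
    leaked = find_unblanked_secrets(source)
    if leaked:
        print("Refusing to commit: non-empty values for " + ", ".join(leaked), file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

The check reads the staged copy rather than the working file, so it judges exactly what the commit would record. Any value other than an empty string literal is rejected, including expressions such as an environment lookup.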
