Hiding GitHub token in .gitconfig


Solution 1

Add your .gitconfig with git add -N.

Then git add -p it, edit the hunk, replace the token with anything, and push that. No need for an extra file this way.

Addendum: on additional modifications of your file, use git add -p again, and edit the hunk so that your initial manipulation is not overwritten.
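The failure mode of this approach is staging the file without -p, which puts the real token in the index. A guard for that case, as an added example that is not part of the original answer: it scans git-config text for a token value other than the question's --hidden-- placeholder. The function names, the extra "password" key and the sample token are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Names below are hypothetical.
PLACEHOLDER='--hidden--'          # redaction marker used in the question
SENSITIVE_KEYS='token|password'   # "token" is from the page; "password" is an assumed extra

# Read git-config text on stdin and print "section.key" for each sensitive key
# holding a real value. Returns 1 if anything was found, 0 if the text is clean.
find_config_secrets() {
  awk -v placeholder="$PLACEHOLDER" -v keys="$SENSITIVE_KEYS" '
    /^[ \t]*[#;]/ { next }                      # whole-line comments
    /^[ \t]*\[/ {                               # [section] or [section "subsection"]
      section = $0
      sub(/^[ \t]*\[[ \t]*/, "", section)
      sub(/[^A-Za-z0-9.-].*$/, "", section)
      section = tolower(section)
      next
    }
    /=/ {
      key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]*/, "", key)
      val = $0; sub(/^[^=]*=[ \t]*/, "", val)
      sub(/[ \t]*[#;].*$/, "", val); sub(/[ \t]+$/, "", val)   # trailing comment, space
      if (tolower(key) ~ ("^(" keys ")$") && val != "" && val != placeholder) {
        print section "." tolower(key)
        found = 1
      }
    }
    END { exit found + 0 }
  '
}

# For .git/hooks/pre-commit: scan the staged copy, i.e. what the commit will contain.
check_staged_gitconfig() {
  git show :.gitconfig 2>/dev/null | find_config_secrets
}

# Constructed sample: the file from the question with a made-up token in place.
sample_config() {
  cat <<'EOF'
[github]
  user = giuliop
  token = 0000-constructed-not-a-real-token
[alias]
  st = status
EOF
}

sample_config | find_config_secrets || echo "token present, do not commit" >&2
```

Calling check_staged_gitconfig || exit 1 from .git/hooks/pre-commit stops the commit while a real token is staged.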

Solution 2

I just fixed this up for myself. The "proper" way to solve the issue is to split your gitconfig into two files, a public one with the alias/config/etc, and a private file that keeps your username and secrets. Like so...


From https://github.com/ddopson/dotfiles ...

.gitconfig:
[include]
  # For username / creds / etc
  path = ~/.gitconfig.local

[alias]
  ...

.gitconfig.local:
[user]
  user = ddopson
  name = Dave Dopson
  email = [email protected]
  token = a123uber456secret789ceprivate000key78

[credential]
  helper = osxkeychain

.gitignore:
/.gitconfig.local

Solution 3

You can now include another file in your gitconfig. You could put your github section in that extra file. See this question: Is it possible to include a file in your .gitconfig

Solution 4

I made a script to update my dotfiles repo; it also redacts sensitive information such as my GitHub token. I don't think the GitHub token is used by GitHub anymore though, but correct me if I'm wrong.

You can view my script here.

Author: gws

Updated on June 04, 2022

Comments

  • gws almost 2 years

    I would like to store all of my dotfiles on GitHub, including .gitconfig which requires me to hide the GitHub token in the .gitconfig.

    To do so I have a ".gitconfig-hidden-token" file which is the file I intend to edit and put under git that hides the token:

    ...
    [github]
    user = giuliop
    token = --hidden--
    ...
    

    And a shell script which I need to launch if I modify the ".gitconfig-hidden-token" file to create the ".gitconfig" file:

    cp .gitconfig .gitconfig.backup
    sed 's/--hidden--/123456789/' .gitconfig-hidden-token > .gitconfig
    

    The drawback is the need to manually launch the script every time I modify the file. Is there a better, fully automated way to do this?

  • gws over 12 years
    What happens if I edit the file subsequently and git add it, forgetting the -p? I suppose the token would be published then.
  • fge over 12 years
    @gws: indeed, but then you can (and should probably) use git diff --cached before committing, and in case of error, just git reset the file as well.
  • Hedgehog over 11 years
    I think the correct approach is to use include per the answer of @ddopson