Hiding GitHub token in .gitconfig
Solution 1
Add your .gitconfig with git add -N
.
Then git add -p
it, edit the hunk, replace the token with anything, and push that. No need for an extra file this way.
Addendum: on additional modifications of your file, use git add -p
again, and edit the hunk so that your initial manipulation not be overwritten.
Solution 2
I just fixed this up for myself. The "proper" way to solve the issue is to split your gitconfig into two files, a public one with the alias/config/etc, and a private file that keeps your username and secrets. Like so...
From https://github.com/ddopson/dotfiles ...
[include]
# For username / creds / etc
path = ~/.gitconfig.local
[alias]
...
.gitconfig.local:
[user]
user = ddopson
name = Dave Dopson
email = [email protected]
token = a123uber456secret789ceprivate000key78
[credential]
helper = osxkeychain
.gitignore:
/.gitconfig.local
Solution 3
You can now include another file in your gitconfig. You could put your github section in that extra file. See this question: Is it possible to include a file in your .gitconfig
Solution 4
I made a script to update my dotfiles repo, it also redacts sensitive information such as my github token. I don't think the github token is used by GitHub anymore though, but correct me if I'm wrong.
You can view my script here.
Related videos on Youtube
gws
Updated on June 04, 2022Comments
-
gws almost 2 years
I would like to store all of my dotfiles on GitHub, including .gitconfig which requires me to hide the GitHub token in the .gitconfig.
To do so I have a ".gitconfig-hidden-token" file which is the file I intend to edit and put under git that hides the token:
... [github] user = giuliop token = --hidden-- ...
And a shell script which I need to launch if I modify the ".gitconfig-hidden-token" file to create the ".gitconfig" file:
cp .gitconfig .gitconfig.backup sed 's/--hidden--/123456789/' .gitconfig-hidden-token > .gitconfig
The drawback is the need to manually launch the script everytime I modidy the file. Is there a better, fully automated way to do this?
-
gws over 12 yearswhat happens if I edit the file subsequently and
git add
it forgetting the-p
? I suppose the token would be published then -
fge over 12 years@gws: indeed, but then you can (and should probably) use
git diff --cached
before committing, and in case of error, justgit reset
the file as well. -
Hedgehog over 11 yearsI think the correct approach is to use
include
per the answer of @ddopson