Make some files private in a repository

I had the same problem, and went with option #1 from the answer by aspyct. My project is open source like yours, but also had a few parts that contain sensitive info. I did the following:

  1. Added a folder to my project (in visual studio)
  2. Added that folder to my .gitignore
  3. Created a text file in that folder that was included into git and visual studio.
  4. Cloned a private repo into a subfolder.

That way, anyone from GitHub or from looking in visual studio and see that files are missing, and the text file shows them how to get the application to build without the sensitive files.


Although keeping passwords in the repository is a bad practice as @aspyct has explained, I want to add that not all things that one might want to keep private in a repository are passwords, e.g., one might want to develop a new feature but not expose it until it's done(or maybe expose it never).

In these cases, we can create two remote repositories both associated with the same local repository, but each corresponding to a different branch. Here's a step by step instruction:

  1. Create two remote repositories(on GitHub or BitBucket or wherever else) with different names, for example: one myrepo and the other privates.myrepo. Make the myrepo a public repository and the privates.myrepo a private repository.
  2. On local, initiate a single git repository: git init.
  3. Add the non-private files now in the repository and make an initial commit.
  4. Connect this repository to the public remote:
git remote add <remote_branch_name> <remote_repository_address>

in our example which becomes:

git remote add origin https://github.com/<YOUR_USERNAME>/myrepo.git

  1. Push: git push -u origin master

  2. Now add a branch to the local repository and switch to it: git checkout -b private_work

  3. Here comes the important step: Connect this branch to the other remote, i.e, the private one. In our example:

git remote add privates https://github.com/<YOUR_USERNAME>/privates.myrepo.git
  1. Next, add the private files to the local repository and make a commit.
  2. Push the private_work branch to the privates remote: git push -u privates private_work

Read more explanation on how it works here: https://24ways.org/2013/keeping-parts-of-your-codebase-private-on-github/. I've also learned this from him.

See a cool terminal-show recording of all these steps together here: http://showterm.io/04130676d3401229e7df6

Also, you can add an alias like alias private_push='git push privates private_work in an startup script like .bashrc in case you're on Linux, in order to lower the chances of making a wrong push of private work to the public repository.


I see three options:

  1. either you add these files to your .gitignore, don't commit them into the repository. You may optionally provide templates for these files (something like config.php.example), for other people to customise them. That way, they can keep their config and pull the changes easily.

  2. or you put these files outside of the repository, and reference them with a relative path. define('CONFIG_DIR', '../config/');

  3. (not recommended, submodules are hard) or you put these files in a git submodule. That'll be a little longer though ;)

For reference, the Symfony framework (PHP) uses the first option and provides configuration templates.

I've used successfully option 2 in many projects, it just works, but is less user-friendly.

Never used option 3 for this kind of cases, and submodules are probably not the best tool for this. It can work though...

Tags:

Git

Github

Recent Posts