tags:

views:

21

answers:

1

I have a Ruby on Rails application that I am trying to host on Heroku. I would also like to use a GitHub public (free) repository to track changes. I need to check-in a file containing passwords to the Heroku remote repo, but ignore the file so I don't check it in to GitHub. Is there a way I can add the file to one repo, and ignore it from another?

+1  A: 

What you could do is to add to the GitHub repo a smudge script (filter driver) which will:

  • test for the existing of a private branch
  • checkout the the password file from that branch

alt text

Since that private branch would only exist on the Heroku repo, the smudge script wouldn't do anything on the GitHub repo side.
But once pushed to the Heroku side, if a hook is checkouting a working directory on he HEroku server, then that same filter driver will kicks in and generate the sensitive file.

That being said, it is best for such a sensitive file to never be versioned in any Git repo, but rather being stored elsewhere.
The smudge script, rather than testing some Git repo content (like a private branch) would then test for an external repo (a ssh ftp, a Nexus repo, any other data referential out there where you choosed to stored those private informations), extract the right content and generate the file.

VonC
This answer explains how to simply use a private heroku branch: http://stackoverflow.com/questions/3221657/how-can-i-upload-my-application-to-github-but-remove-sensitive-authorization-info/3223543#3223543
igorw
@evil3: I see, but I won't trust a solution involving "never push branch xxx to repo yyy". It will work ok, until that day... where it is pushed anyway (by mistake). I really are more comfortable with any kind of sensitive information *outside* of any Git repo.
VonC