As you may know, I’ve been using git as my primary FTP, version control and way to put my projects online for public access and viewing. However, there is a very important thing when considering using this great technology: .gitignore.
Now, when using OAuth, you need a client identity and a client secret. For me, I don’t want to hard code them because that will make them publicly accessible, so I stored them in a JSON file. I thought I was ignoring the JSON file by adding
^(.*)/secret.(.*)$
to the .git/info/exclude file; however, I did not do it right, as ^(.*)/secret.(.*)$ is different than ^(.*)secret\.(.*)$ and quite possibly is completely incorrect.
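Lines in .git/info/exclude and .gitignore are glob patterns, not regular expressions, and git check-ignore reports whether a given line actually matches a path. The script below is an added example, not part of the original post; the is_ignored helper, the config/secret.json path and the file contents are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: ask git itself whether a line in .git/info/exclude
# ignores a secrets file. Exclude/.gitignore lines are glob patterns, so
# regex syntax such as ^ ( ) $ is matched literally.

# is_ignored PATTERN FILE
# Returns 0 if git ignores FILE when PATTERN is the only exclude line,
# 1 if it does not, and another status on error. Uses a throwaway repo.
is_ignored() {
    pattern=$1
    file=$2
    repo=$(mktemp -d) || return 2
    status=0
    (
        cd "$repo" || exit 2
        # Isolate from the user's global ignore file and config.
        HOME=$repo; export HOME; unset XDG_CONFIG_HOME
        git init -q . 2>/dev/null || exit 2
        mkdir -p .git/info "$(dirname "$file")"
        # Placeholder content; not a real credential.
        printf '{"client_secret": "constructed-placeholder"}\n' > "$file"
        printf '%s\n' "$pattern" > .git/info/exclude
        git check-ignore -q "$file"
    ) || status=$?
    rm -rf "$repo"
    return "$status"
}

# The two regex-style lines from the post, then a glob that git understands.
for p in '^(.*)/secret.(.*)$' '^(.*)secret\.(.*)$' 'secret.*'; do
    if is_ignored "$p" config/secret.json; then
        printf '%-22s ignored\n' "$p"
    else
        printf '%-22s NOT ignored\n' "$p"
    fi
done
```

Exclude rules apply only to untracked files, so a secret that has already been committed stays in the history until it is removed from it.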
Now, first I uploaded it to GitHub, only to find that the file was still there. This threw me into a flurry, as for the last three commits I had assumed everything was peachy clean (I am still learning everything, so I don’t hate myself for it). Luckily I was able to find this tutorial on GitHub.
Not only was I able to remove my secret from the commit, but I was also able to add it to the .gitignore in a simple manner. My fears relaxed and a feeling of relief ensued.
Just to add to the security, I also made a proper .htaccess to hide the file:
RewriteEngine On
RewriteRule ^(.*)secret\.(.*)$ /404 [L]