Git: Living on the Edge isn’t for the Dumb

As you may know I’ve been using git as my primary ftp, version control and way to put my projects online for public access and viewing. However, there is a very important thing when considering using these great technology: .gitignore.

Now, when using oAuth, you need a client identity and a client secret. For me, I don’t want to hard code them because that will make them publicly accessible so I stored them in a json file. I thought I followed ignoring the json by adding

^(.*)/secret.(.*)$

to the .git/info/exclude file, however I did not do it right
asĀ ^(.*)/secret.(.*)$ is different thanĀ ^(.*)secret\.(.*)$ and quite possibly is completely incorrect

Now first i uploaded it to github, only to find that the file was still there. This through to a flurry as for the last three commits I had assumed everything was peachy clean (I am still learning everything so I don’t hate myself for it. Luckily I was able to find this tutorial on github.

Not only was I able to remove my secret from the commit, but also able to add to the .gitignore in a simple manner. My fears relaxed and a feeling for relief ensued.

Just to add to the security, I also made a proper .htaccess to hide the file

RewriteEngine On
RewriteRule ^(.*)secret\.(.*)$ /404 [L]