Hiding GitHub token in .gitconfig
I would like to store all of my dotfiles on GitHub, including .gitconfig which requires me to hide the GitHub token in the .gitconfig.
To do so I have a ".gitconfig-hidden-token" file which is the file I intend to edit and put under git that hides the token:
    ...
    [github]
      user = giuliop
      token = --hidden--
    ...
And a shell script which I need to launch if I modify the ".gitconfig-hidden-token" file to create the ".gitconfig" file:
    cp .gitconfig .gitconfig.backup
    sed 's/--hidden--/123456789/' .gitconfig-hidden-token > .gitconfig

The drawback is the need to manually launch the script every time I modify the file. Is there a better, fully automated way to do this?
Add your .gitconfig with git add -N.
Then git add -p it, edit the hunk, replace the token with anything, and push that. No need for an extra file this way.
Addendum: on additional modifications of your file, use git add -p again, and edit the hunk so that your initial manipulation is not overwritten.
I just fixed this up for myself. The "proper" way to solve the issue is to split your gitconfig into two files, a public one with the alias/config/etc, and a private file that keeps your username and secrets. Like so...
From https://github.com/ddopson/dotfiles ...

.gitconfig:

    [include]
      # For username / creds / etc
      path = ~/.gitconfig.local
    [alias]
      ...

.gitconfig.local:

    [user]
      user = ddopson
      name = Dave Dopson
      email = email@example.com
      token = a123uber456secret789ceprivate000key78
    [credential]
      helper = osxkeychain

.gitignore:
You can now include another file in your gitconfig. You could put your github section in that extra file. See this question: Is it possible to include a file in your .gitconfig
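The public/private split with `[include]` described in the answers above, as an added example that is not part of any post in this thread. It moves secret assignments out of one gitconfig into a private file and checks that the public file is clean before it is committed; the `SECRET_KEYS` list, the function names and the sample input are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): split one gitconfig into a public file
# that is safe to commit and a private file pulled in through [include].
# SECRET_KEYS is an assumed list; extend it to match your own config.
SECRET_KEYS='token|password|oauth-token'

# has_secret FILE: succeeds if FILE still assigns one of the secret keys.
has_secret() {
  grep -Eq "^[[:space:]]*($SECRET_KEYS)[[:space:]]*=" "$1"
}

# split_gitconfig SRC PUBLIC PRIVATE [INCLUDE_PATH]
# Secret assignments move to PRIVATE under their original section header;
# everything else goes to PUBLIC, after an [include] of INCLUDE_PATH.
split_gitconfig() {
  src=$1; public=$2; private=$3; inc=${4:-"~/.gitconfig.local"}
  ( umask 077; : > "$private" )          # truncate; a new file gets mode 0600
  {
    printf '[include]\n\tpath = %s\n' "$inc"
    awk -v priv="$private" -v keys="$SECRET_KEYS" '
      /^[ \t]*\[/ { section = $0; print; next }
      $0 ~ "^[ \t]*(" keys ")[ \t]*=" {
        if (section != written) { print section >> priv; written = section }
        print >> priv
        next
      }
      { print }
    ' "$src"
  } > "$public"
}

# Demo on constructed input; the token value is a placeholder.
demo() {
  dir=$(mktemp -d) || return 1
  printf '[github]\n\tuser = giuliop\n\ttoken = PLACEHOLDER-TOKEN\n' > "$dir/all"
  printf '[alias]\n\tst = status\n' >> "$dir/all"
  split_gitconfig "$dir/all" "$dir/.gitconfig" "$dir/.gitconfig.local"
  if has_secret "$dir/.gitconfig"; then echo "secret left in public file"
  else echo "public file is clean"; fi
  rm -rf "$dir"
}
demo
```

`has_secret` can also be run on its own against the tracked file, for instance from a pre-commit hook, to stop a commit that would reintroduce a token.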
I made a script to update my dotfiles repo; it also redacts sensitive information such as my GitHub token. I don't think the GitHub token is used by GitHub anymore though, but correct me if I'm wrong.
You can view my script here.