Keeping sensitive files secure
Contents
Keeping sensitive files secure#
You will often have files that you do not want Git to add to your repository (or even show as being untracked).
These are typically files that are automatically generated (for example .log
files); however, they may also be files that contain sensitive information.
In such cases, you can use .gitignore
.
.gitignore
#
.gitignore
is not an explicit command.
Instead, it is a plain text file that tells Git which files to ignore.
Below is an example of what a .gitignore
file might look like:
# ignore the file doc/patient_ids.txt
doc/patient_ids.txt
# ignore the file doc/patient_notes.txt, but not doc/anonymised/patient_notes.txt
doc/*.txt
# ignore all .pdf files in the "sensitive/"-directory as well as any of its subdirectories
sensitive/**/*.pdf
Each line in the .gitignore
file specifies a pattern.
These patterns are then checked against the file names in your repository, to determine which of them should be ignored.
The following rules for writing .gitignore
file patterns can be found in the Git Pro book:
Blank lines or lines starting with # are ignored.
Standard glob patterns work, and will be applied recursively throughout the entire working tree.
You can start patterns with a forward slash (/) to avoid recursivity.
You can end patterns with a forward slash (/) to specify a directory.
You can negate a pattern by starting it with an exclamation point (!).
GitHub also maintains a collection of .gitignore templates to help you get started.
Creating a .gitignore
file#
To create a .gitignore
file, open a new file in a text editor of your choosing (for example TextEdit), name the file .gitignore
(including the .
at the beginning), and save it in your repository.
Alternatively, you can create a .gitignore
file through the terminal by first navigating to your repository and then running the command touch .gitignore
.
To double check that your .gitignore
file is working as you intended, and the correct files are being ignored, you can run the command git status --ignored
, which will generate a list of all ignored files.
Ignoring a file that has already been committed#
.gitignore
only works on files that are untracked.
Files that are already tracked by Git (that is, files that has previously been staged or committed) will not be ignored.
It is therefore often a good idea to create a .gitignore
file when you set up a new repository, so that you do not accidentally commit files that you do not want to.
It is, nevertheless, possible to ignore files that are already tracked by Git.
To do this, you will first need to delete the file from your repository and then add a new rule to your .gitignore
file.
Committing a file that has previously been ignored#
Sometimes, you may want to ignore all but one file that follows a general pattern.
In these instances, you can either 1) force an ignored file to be committed by adding -f
(or --force
) when you perform git add
or 2) define an exception to the pattern within the .gitignore
file (see example .gitignore
file above).
Having multiple .gitignore
files (and rules)#
In most cases (or at least in the simplest of cases), your repository will have a single .gitignore
file in its root directory.
It is, however, possible to have multiple .gitignore
files within subdirectories of the same repository.
In such cases, the rules within the .gitignore
file will only be applied to the subdirectory within which it is located.
This means that different .gitignore
rules can be applied across the same repository.