I'm developing some web application (php, codeigniter). Today a time to push it to github has come, but I've encountered an issue I can't manage.
I've got 2 branches:
- master - this branch should be used for github pushing, does not contain credentials or any other sensitive data (just public code)
- dev - this is master's child, used for development, does contain credentials (of my private app instantion)
By credentials I mean: database login, password, host, user; oauth services id / secrets; encryption_key. Credentials are stored in 2 separated files within /application/config folder.
The idea is that I'll make all changes on dev, than merge dev into master, and pull master content to github (but master can't contain my private credentials).
This is what I've done till now:
- Removed all credentials from /application/config/config.php and /applications/config/database.php (as I don't want them to be public on github) they've become an empty strings like: $db['default']['hostname'] = '';
- Started git repository and made an initial commit - the default branch that was created is named 'master'
- Pulled master into github
And it's pretty cool till now - I've got my project code on github with no credentials within. Next I need to make some changes in my project, so I:
- Created new branch 'dev'
- Stored my credentials into dev, and make a commit - I need dev instantion to have credentials as I'm uploading this to ftp server every time I change something in the code (I don't use local LAMP or anything like this in this project)
So now I need to make some change in dev, upload it and pull to github so I:
- Make an change on dev (let's say add new feature)
- Checkout to master
- Merge dev into master.
What I expected to happen: Git will ask me which version of configs should be used in 'master' as it is different in both branches. I will use diff to chose a 'master' verion of files (which does not contain credentials). Git will remember my choice, and in the future I will not have to chose again when I'll merge dev into master. Git works like this on one of my other projects, where dev is a master branch and instantions are it's children (In this case dev is a child and I merge child into parent).
What happened: Git just copied credentials from dev to master, did not ask me about that. So now my master branch is 'tainted' by credentials and I can't push it to github anymore.
My questions are:
- Why is that happening, how can I avoid this?
- Is there any other (better?) way to handle that kind of issue.
Please let me know if anything is unclear, any help will be appreciated.