wbent22 / security-on-github

https://lab.github.com/githubtraining/securing-your-workflows
MIT License

Add a `.gitignore` file #3

Closed github-learning-lab[bot] closed 3 years ago

github-learning-lab[bot] commented 3 years ago

Taking advantage of the .gitignore file for security

From time to time, there are files you don't want Git to check in to GitHub. You may want to ignore files that contain sensitive credentials or information which should not be pushed to your repository. There are a few ways to tell Git which files to ignore.

Ignoring files

Git uses a file called .gitignore to decide which files and directories to ignore when committing. Keep files containing sensitive data, like configuration or env files, out of your repositories. This is one way to promote security best practices.

The .gitignore file can, and should, be committed into your repository. By sharing this file and making it part of your code, it will also help others. Other users that contribute to the repository will also avoid committing sensitive data. There are many examples of .gitignore files available for you to use in your own repositories. You can find them in the gitignore repository.

Step 5: Ignore files

In this pull request, I'm adding a .gitignore file. Files ending with .env commonly include sensitive data. This helps you keep files with sensitive data secure and private. Let's add those files to the .gitignore.

:keyboard: Activity: Updating the .gitignore file

  1. Within this pull request, go to Files changed.
  2. Click the ellipsis (...) in the right upper corner and click Edit file to edit the .gitignore file.
  3. Edit the file by adding .env to line 1.
  4. Scroll down, and commit your change.

    Note: Even after adding a file to the .gitignore, the previous commits that have edited that file still exist. If you accidentally committed sensitive data, first change any tokens or passwords. Then, contact GitHub Support for help correcting your history.

For a printable version of the steps in this course, check out the Quick Reference Guide.


Return to this pull request for my next comment.

Sometimes I respond too fast for the page to update! If you perform an expected action and don't see a response from me, wait a few seconds. Then refresh the page for your next steps.
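The note in the comment above, shown as a runnable illustration that is added here and is not part of the course or the bot's comments: a `.gitignore` entry does not untrack a file that was already committed, and the old commits still hold its contents. The scratch repository, commit messages and token value are constructed for the demo.

```shell
#!/bin/sh
# Added demo. The repository, file contents and token value are constructed.

make_repo() {  # scratch repo where .env was committed BEFORE .gitignore existed
  repo=$(mktemp -d) && cd "$repo" || return 1
  git init -q .
  git config user.name "Demo User"
  git config user.email "demo@example.invalid"
  git config commit.gpgsign false
  printf 'API_TOKEN=constructed-not-a-real-token\n' > .env
  git add .env && git commit -q -m "add config"
  printf '.env\n' > .gitignore
  git add .gitignore && git commit -q -m "ignore .env files"
}

state() {  # how Git currently treats a path
  t=no; i=no
  git ls-files --error-unmatch -- "$1" >/dev/null 2>&1 && t=yes
  # check-ignore skips tracked files, so a committed .env reports ignored=no
  git check-ignore -q -- "$1" && i=yes
  echo "tracked=$t ignored=$i"
}

untrack() {  # drop the path from the index but keep the working copy
  git rm -q --cached -- "$1" && git commit -q -m "stop tracking $1"
}

secret_in_history() {  # is the token still reachable from any commit?
  git grep -q 'API_TOKEN' $(git rev-list --all) -- .env
}

commits_touching() {  # number of commits that changed the path
  git log --oneline -- "$1" | wc -l | tr -d ' '
}

make_repo || exit 1
before=$(state .env)   # .gitignore alone did not untrack the committed file
untrack .env
after=$(state .env)    # now the ignore rule applies to it
echo "before untrack: $before"
echo "after untrack:  $after"
if secret_in_history; then
  echo "token still in history: change it first, then get the history corrected"
fi
```

The file stays on disk after `git rm --cached`; only the index entry is removed, which is why the ignore rule starts to apply.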

github-learning-lab[bot] commented 3 years ago

Step 6: Merge this pull request

This looks great @wyatt-bentley, thanks for adding a .env file to the .gitignore. Feel free to add any other file or potentially sensitive data to the .gitignore file.

:keyboard: Activity: Merge

  1. Merge this pull request.

github-learning-lab[bot] commented 3 years ago

Congratulations, you've done it @wyatt-bentley! Go ahead and delete the branch.


Find your final issue here now.