If you’re working on a project where you have config files with passwords in them, for example web apps with database passwords it is a bit risky to rely on always being vigilant and avoiding staging that hunk when building a commit.
Instead, you can tell git to assume that a file is unchanged, which greatly lowers the risk of pushing your password to github:
$ git update-index --assume-unchanged config/secretpasswords.conf
If you often change that file, you would have to call
--no-assume-unchanged before (carefully) selecting hunks for a commit, but since config files rarely change, there are no real downside to doing this.
This is how it will look:
$ git diff diff --git i/config/postgresql.yml w/config/postgresql.yml index 3a0df29..0d9ae25 100644 --- i/config/postgresql.yml +++ w/config/postgresql.yml @@ -1,6 +1,6 @@ Default: &defaults user: rssqueue - password: rssqueue + password: sup3r53cr17 host: localhost port: 5432 database: rssqueue $ git update-index --assume-unchanged config/postgresql.yml $ git diff $ git st $