可以使用 git hook 在暂存、添加或推送之前替换密码吗?
可以使用 git hook 在暂存、添加或推送之前替换密码吗?
我希望在提交或推送之前将密码替换为模板。
例如,假设我在纯文本密码中添加了“PWDEXLUDE_password”前缀,并且钩子将其替换为 <>,因此在部署阶段,脚本可以查找模板,在数据库中查找密码,并将该模板替换为生产密码。
git 有类似的东西吗?
Can a git hook be used to replace passwords before staging, adding, or pushing?
I want passwords to be replaced by templates before committing or pushing.
for instance, say I prefix plain texts password with 'PWDEXLUDE_password' and the hook replaces it with <>, so during the deployment phase a script can look for the template, lookup in a database for the password, and substitute that template with production password.
Is something like that available or possible with git?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我会采取不同的方法,即将密码保存在不受版本控制的配置文件中,并让应用程序在运行时从该文件加载它们。你的部署脚本只需要确保这样的文件存在,并且每个开发人员都可以有自己的密码进行开发和测试。
如果您真的想做您所要求的事情,我认为您可以在
预提交中完成钩子,提取包含密码的文件的暂存版本,重写它们,然后暂存重写的版本,确保不会影响工作副本。然而,出于多种原因,这对我来说似乎是一个坏主意。I would take a different approach, which would be to keep passwords in a configuration file that's not under version control and have your application load them from that file when it runs. Your deploy script just needs to ensure that such a file exists, and each developer can have their own passwords for development and testing.
If you really want to do what you ask, I think you could do it in a
pre-commithook that extracts the staged versions of the files with passwords in them, rewrites them, and stages the rewritten version, making sure not to affect the working copy. However, this seems like a bad idea to me for any number of reasons.我认为这里正确的事情(如果你不想要一个被忽略的文件,我也更喜欢)是一对涂抹/清洁过滤器。请参阅 gitattributes 中的过滤部分。
I think the right thing here (if you don't want an ignored file, which I would prefer, too) would be a pair of smudge/clean filters. See the filter section in gitattributes.