Accidentally committing sensitive information to a GitHub repository can have costly effects. This tweet of someone committing their AWS private keys in an
.env file by accident, surfaced only a couple days ago. I’m sure something like this has happened to so many people already. It’s easy to commit a file that you do wish to remain private, simply forgetting to add it to your
Thankfully, Git provides a way to have a global
.gitignore file. This is a file that is always applied to any repository on your system. You add the files or directories that you want to always ignore to it and it those files and directories never get committed.
All you have to do is make a file, somewhere on your filesystem (for example in your home directory, or within your dotfiles) and tell Git to use that as your global
.gitignore file with the following command:
git config --global core.excludesfile ~/.gitignore_global
In this file you can then specify the files and directories that always need to be ignored. Add your
.env files, editor configurations and other files you never want to commit, so you never have to worry about accidentally pushing these files up to a (public) repository.