How to version control config files pragmatically?

Question

Suppose we have a config file with sensitive passwords. I\'d like to version control the whole project, including the config file as well, but I don\'t want to share my pass

Answer 1

My preferred answer to this was already mentioned here: check in a dummy file, generate the "real" file by copying the dummy file at runtime, and ignore the "real" file in your VCS.

I already answered a similar question, with a complete example how to do this in Visual Studio:
how to ignore files in kiln/mercurial using tortoise hg "that are part of the repository"

Answer 2

Instead of version-controlling the actual configuration file, you could put a template or defaults file in version control, and a script that would ask for DB information and credential to generate the real config file, which would be excluded from (i.e. ignored by) version control. On checkout, developers could run this script to get a working environment. This script could also be invoked as part of any installation process that your application uses.

Also see my answer to a similar question.

Answer 3

What about a pre-commit hook to blank out sensitive fields? This assumes you're comfortable sending the file over the network in the first place, of course.

Update for the other end of the problem:
To handle updates, you'd either want to force a manual merge of the sensitive files, or modify the local build process to overwrite the sensitive lines with contents from a local/private/ignored file.