To Track or Not to Track

When and how to use .gitignore in your Github repository

With over 100 million live repositories to date, Github has proven to be the number one spot for open source. This is wonderful for a number of reasons but mainly being that whatever your level of expertise, users can be use it to learn new or different ways of doing things, to alter or change things and [can] distribute the software to anyone and for any purpose. Although, with so many people using open source, it is important to ensure that you don’t accidentally share your most sensitive information to the general public.

Some weeks ago my classmate and I decided to build a basic movie browsing CLI app using Ruby. The one thing we both agreed on was that Rotten Tomatoes was our favorite website to browse reviews and so, we had the grand idea to use RT’s API to populate reviews on movies in our app. We began to do some research and realized, not only did RT have an application process and waiting period, but according to this post on Reddit, they also charged an annual fee starting at a whopping $60,000.

Wide Eyed Kenan Thompson 👀

I don’t know about you, but if I were having to go through a process and pay money to use an API, I’m certainly not up for sharing it with the world.

Anther reason to hide certain sensitive information is that some companies set limits to the number of requests an app can make before stopping said requests or charging the user for additional requests. Those companies use unique alphanumeric strings of code called an Access Token to keep track of users and their requests.

“Access tokens are the thing that applications use to make API requests on behalf of a user. The access token represents the authorization of a specific application to access specific parts of a user’s data.” — Access Tokens

These tokens are bound by licensing agreements and because they are unique to each user, they are expected to be kept secret and away from prying eyes. (Click here, for a list of additional things to keep in your .gitignore file.)

But how does one upload a project to Github without also pushing up this sensitive information? Queue .gitignore!

.gitignore (read: git-ignore) is a plain text config file that stores the most sensitive data in a project repo. This file is typically found in the root directory of a project and specifically ignored by Git when changes are committed. Not only is it best practice to keep this info from the public, it’s also in your license agreement. It is the simplest solution to your secrecy needs.

To learn more about reasons to use a .gitignore file or how to use it, check out this site.

A step-by-step guide to setting up a .gitignore file, how to use it and how to remove previously committed tracked files, check out this document.

Thank you for taking the time to read my post. If you enjoyed it, please don’t forget to clap, comment and hit that follow button.

Happy coding!

Software Engineering Student at Flatiron School. I love Fashion, Film and all things sparkly.