This document outlines security best practices for using this repository and its scripts.
NEVER commit the following types of sensitive information to any repository (public or private):
- Private SSH keys (files starting with `id_` without the `.pub` extension)
- API tokens or access keys
- Passwords or credentials
- Database connection strings with passwords
- Personal information you don't want to be public
- Environment files (`.env`)
- Configuration files with secrets
The backup scripts in this repository are designed to help you save your development environment configuration. However, they can potentially collect sensitive information. Follow these guidelines:
- Review Before Committing: Always review the contents of the `config/mac_backup` directory before committing changes.
- Use Example Files: Replace sensitive information with example placeholders before committing.
- Secure Local Backups: For truly sensitive information, use the secure backup options that store data outside the repository.
- Enhanced .gitignore: The repository includes a comprehensive `.gitignore` file that attempts to exclude common sensitive files.
- Example Templates: Configuration files are provided as examples with placeholders instead of real credentials.
- Security Warnings: Backup scripts include prominent warnings before collecting potentially sensitive information.
- Secure Backup Options: Options to backup sensitive data to locations outside the Git repository.
- Generate new SSH keys for each machine rather than transferring private keys
- Use passphrase-protected SSH keys
- Consider using hardware security keys where possible
- Use Git configuration templates with placeholders for personal information
- Consider using Git aliases to simplify common operations without exposing sensitive information
- Use a password manager for sensitive credentials
- Consider using environment variables for sensitive information in scripts
- Look into secure credential storage solutions like:
  - macOS Keychain
  - Credential managers integrated with your tools
If you discover a security vulnerability in this repository, please report it by creating an issue or contacting the repository owner directly.
The following directories may contain sensitive information and should be carefully reviewed before committing:

```text
config/mac_backup/ssh/      # SSH keys and configuration
config/mac_backup/docker/   # Docker credentials and configuration
config/mac_backup/macos/    # macOS system preferences and configuration
```
If you've already tracked sensitive files, you can remove them from Git tracking without deleting them from your filesystem:

```sh
# Remove sensitive directories from Git tracking
git rm --cached -r config/mac_backup/ssh/ config/mac_backup/docker/ config/mac_backup/macos/

# Remove specific sensitive files
git rm --cached config/mac_backup/git/.gitconfig
git rm --cached config/mac_backup/ssh/id_ed25519.pub
git rm --cached config/mac_backup/ssh/config
```

Before committing, search for sensitive terms in your codebase:

```sh
# Search for sensitive terms
grep -r "password\|secret\|token\|key\|credential" .
```

Review all files that contain these terms and ensure they don't contain actual sensitive information.
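The manual grep above is a good habit, but it is easy to forget. The following script is an added example, not part of this repository, that turns the same checks into a pre-commit hook: it blocks files whose names are on the forbidden list from the section above (`.env`, `id_*` private keys), and it flags file contents that match private-key headers, `password=`/`token:` style assignments, or connection strings embedding a password. The function names (`scan_file`, `scan_staged`) and the sample files it constructs are hypothetical; the regex list is deliberately stricter than a bare `grep key` so that a `.gitignore` or README mentioning the word "key" does not trip it.

```shell
#!/bin/sh
# Added example: pre-commit secret scan for a dotfiles / mac_backup style repo.
# Install with: cp this-file .git/hooks/pre-commit && chmod +x .git/hooks/pre-commit

# Content patterns (extended regex, case-insensitive):
#  1. PEM private key headers (RSA, OPENSSH, EC, DSA or generic)
#  2. password/secret/token/api_key assignments such as "token = abc" or "api_key: abc"
#  3. URLs carrying credentials, e.g. postgres://user:pass@host
SECRET_PATTERNS='-----BEGIN (RSA |OPENSSH |EC |DSA )?PRIVATE KEY-----|(password|passwd|secret|token|api[_-]?key)[[:space:]]*[=:][[:space:]]*[^[:space:]]+|://[^/[:space:]]+:[^@[:space:]]+@'

# Filenames that should never be committed, regardless of content.
# Public keys (id_*.pub) are intentionally not on this list; review them by hand.
is_forbidden_name() {
  case "$(basename "$1")" in
    .env|.env.*|id_rsa|id_ed25519|id_ecdsa|id_dsa) return 0 ;;
    *) return 1 ;;
  esac
}

# scan_file PATH: returns 0 if the file looks clean, 1 if it must be blocked.
# Findings are printed so the committer sees what matched (first 3 lines only).
scan_file() {
  f="$1"
  if is_forbidden_name "$f"; then
    echo "BLOCK: $f (filename is on the forbidden list)"
    return 1
  fi
  # -e is required because the pattern itself starts with dashes
  if grep -qiE -e "$SECRET_PATTERNS" "$f" 2>/dev/null; then
    echo "BLOCK: $f matches a secret pattern:"
    grep -niE -e "$SECRET_PATTERNS" "$f" | head -n 3
    return 1
  fi
  return 0
}

# scan_staged: scan every added/copied/modified file staged for commit.
# Returns 1 if any file was blocked (git then aborts the commit).
scan_staged() {
  failed=$(git diff --cached --name-only --diff-filter=ACM 2>/dev/null |
    while IFS= read -r f; do
      [ -f "$f" ] || continue
      scan_file "$f" >&2 || echo "$f"
    done | wc -l | tr -d ' ')
  [ "$failed" -eq 0 ]
}

# Only run the staged-file scan when git invokes this script as the hook.
case "$(basename "$0")" in
  pre-commit) scan_staged || exit 1 ;;
esac
```

Because `scan_file` works on any path, the same functions can be run over `config/mac_backup/` before a backup is committed, or wired into CI as a second line of defence behind the `.gitignore`. If a real secret has already reached a commit, untracking it as shown above is not enough: rotate the credential, since it remains in the repository history.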