I use Ansible for deployment and Ansible Vault for storing encrypted config files in the repo. Of course, it's always a bit of a nightmare scenario that you accidentally commit unencrypted files, right?
Well, I have "make encrypt" and "make decrypt" commands that will iterate over the files in an ".encrypted-files" file. Decrypt will also add a pre-commit hook that will reject any commit with a warning.
This is tons easier than trying to remember the ansible-vault commands, and I never have to worry about trying to remember how to permanently delete a commit from GitHub.
Well, I have "make encrypt" and "make decrypt" commands that will iterate over the files in an ".encrypted-files" file. Decrypt will also add a pre-commit hook that will reject any commit with a warning.
This is tons easier than trying to remember the ansible-vault commands, and I never have to worry about trying to remember how to permanently delete a commit from GitHub.