Best practices for keeping sensitive data out of vimrc files in public repositories

I want to share my vim configuration files on a public Git repository, but I’m running into issues with sensitive information. My vimrc contains credentials and API keys needed for various plugins to work properly.

For instance, I use a plugin that requires authentication details like this:

let g:social_plugin_credentials = "username:password"
let g:api_service_token = "abc123secretkey"

Currently I have to manually remove these lines before each commit and add them back afterward, which is really tedious and error-prone. What are some effective ways to handle this situation? I’d like to keep my dotfiles version controlled without exposing private information to the world.

Just make a .vimrc.local file for your secret stuff and put it in .gitignore. Then, at the end of your main vimrc, add source ~/.vimrc.local. No more hassle with commits - it works great!

Environment variables are your best bet. Don’t hardcode credentials in your vimrc - reference them through variables like $VIM_API_TOKEN or $SOCIAL_PLUGIN_CREDS instead. Set these in your shell profile or a separate env file that stays on your machine. Your vimrc becomes let g:api_service_token = $VIM_API_TOKEN which you can safely commit publicly. I’ve used this for two years and it’s way cleaner than juggling multiple config files. Only downside? You’ll need to set up the variables on new machines, but that’s worth it for the security.
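
A check that catches a literal credential slipping back into the committed vimrc, added here as an example and not part of the question or either answer: it flags `let g:...` lines that assign a quoted string to a secret-looking variable and passes the environment-variable form. The name list in SECRET_NAMES, the function names and the sample files are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): fail when a vimrc assigns a quoted
# literal to a secret-looking global variable.
# Assumed list of name fragments that mark a variable as sensitive; extend as needed.
SECRET_NAMES='cred|token|secret|passw|api_?key'

# scan_vimrc FILE -> prints FILE:LINE:text per hit; returns 1 if any hit.
scan_vimrc() {
    # Hit:  let g:api_service_token = "abc123secretkey"
    # Pass: let g:api_service_token = $VIM_API_TOKEN   (unquoted env reference)
    # Pass: " let g:api_service_token = "x"            (Vim comment line)
    pattern="^[[:space:]]*let[[:space:]]+g:[A-Za-z0-9_]*(${SECRET_NAMES})[A-Za-z0-9_]*[[:space:]]*=[[:space:]]*[\"'][^\"']+[\"']"
    if grep -nEiH -e "$pattern" -- "$1"; then
        return 1
    fi
    return 0
}

# write_samples DIR -> constructed sample files used to exercise the scanner.
write_samples() {
    cat > "$1/vimrc.bad" <<'EOF'
set number
let g:social_plugin_credentials = "username:password"
let g:api_service_token = "abc123secretkey"
EOF
    cat > "$1/vimrc.good" <<'EOF'
set number
let g:social_plugin_credentials = $SOCIAL_PLUGIN_CREDS
let g:api_service_token = $VIM_API_TOKEN
" let g:api_service_token = "old value kept as a comment"
let g:colorscheme_name = "desert"
if filereadable(expand('~/.vimrc.local'))
  source ~/.vimrc.local
endif
EOF
}

# Call from a pre-commit hook with the tracked vimrc path(s) as arguments.
if [ "$#" -gt 0 ]; then
    status=0
    for f in "$@"; do
        scan_vimrc "$f" || status=1
    done
    [ "$status" -eq 0 ] || echo "refusing commit: move these values to ~/.vimrc.local or an environment variable" >&2
    exit "$status"
fi
```

The match is on the variable name, so a secret stored under an innocuous name is not caught; the check only covers the vimrc itself and assumes ~/.vimrc.local stays in .gitignore.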