Like .gitignore, but for what goes public. Keep a sanitized public mirror of your private repo.
Project description
git-private2public
Like .gitignore, but for what goes public.
You have a private repo. You want a public one — without the secrets. This tool keeps them in sync. Automatically.
Quick start
pip install git-private2public
git-private2public init # creates .gitpublic/ folder
Edit .gitpublic/config — set source + target. Values can be owner/repo, a full Git URL, or a local path:
source = you/private-repo
target = you/public-repo
Edit .gitpublic/ignore — files to hide, one per line (like .gitignore):
.env
secrets/
*.key
Publish:
git-private2public publish
Done. Your public repo is clean.
Auto-publish on every git push
git-private2public hook enable # on
git push # also publishes public mirror
git-private2public hook disable # off
Native git hook. No CI, no GitHub Actions. Works offline.
The .gitpublic/ folder
Each file is one concern. Like .gitignore — one rule per line, # for
comments. If a file is missing, that setting is just empty.
| File | What goes in it | Format |
|---|---|---|
config |
source, target, push settings | key = value |
ignore |
files to NOT publish | one path/glob per line |
replace |
find → replace in file contents | old ==> new per line |
scan |
refuse to push if matched | one pattern per line |
allow |
domains OK to publish when scan matches nearby text | one domain per line |
Easy — just edit ignore:
.env
secrets/
*.key
Medium — also edit replace:
<PRIVATE_IP> ==> 203.0.113.5
real-token ==> ***
regex:[A-Fa-f0-9]{64} ==> ***
Hard — also edit scan + allow:
# scan:
regex:github_pat_[A-Za-z0-9_]{30,}
regex:192\.168\.
regex:[a-z0-9.-]+\.[a-z]{2,}
# allow:
github.com
get.docker.com
Commands
init create .gitpublic/ config
scan clean into a temp repo, scan, don't push
publish clean + push
hook enable / disable / status
How allow / domains work
allow is not a replacement rule. It is an allowlist used during scanning.
Example: put a broad domain detector into .gitpublic/scan:
regex:[a-z0-9.-]+\.[a-z]{2,}
Now every domain-like string fails the scan unless the matched domain is listed in .gitpublic/allow:
github.com
get.docker.com
Use .gitpublic/replace to rewrite private domains, for example:
private.company.local ==> example.com
regex:.*\.corp\.internal ==> example.com
Install
pip install git-private2public
That's it. Now you have the git-private2public command.
No pip? Single-file manual install — download +
chmod +x(needspip install git-filter-repo pyyaml).
Why
Git has no "private file in a public repo". So you need two repos. This keeps them in sync — without leaking.
| delete files | replace text | scan | auto push | |
|---|---|---|---|---|
| git-filter-repo | ✅ | ✅ | ❌ | ❌ |
| BFG | ✅ | ✅ | ❌ | ❌ |
| dupligit | ❌ | ❌ | ❌ | ✅ |
| git-private2public | ✅ | ✅ | ✅ | ✅ |
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file git_private2public-0.1.1.tar.gz.
File metadata
- Download URL: git_private2public-0.1.1.tar.gz
- Upload date:
- Size: 13.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2af2841061ab57c916efb612a25d9052de8039d600064688a5d1858fa5a7d8a9
|
|
| MD5 |
a75b604e9abf016e5e84346b2c2dfd4c
|
|
| BLAKE2b-256 |
ffd87ab8a73910a98f72c1430ef05e5272eb036eb60660ccea8a29c8a4d29da0
|
File details
Details for the file git_private2public-0.1.1-py3-none-any.whl.
File metadata
- Download URL: git_private2public-0.1.1-py3-none-any.whl
- Upload date:
- Size: 10.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f150398ff8292384ba6b81d34c67daf6062869dc10cada9b5374e52de9a6d1e1
|
|
| MD5 |
bd9f8a03acc012a6b9c0fe3b28fa6566
|
|
| BLAKE2b-256 |
560dae5d45cc351c614dc96c5631afca4556a886b7741bd287785027c57cddc7
|