Backing up Sublime Text Configuration Files without Shooting Yourself in the Foot

Published: October 29, 2018


As a developer, it’s common practice to backup your system settings to a remote git repository. Conventionally, these repositories are given the name “dotfiles”.

I’ve long had such a repository containing a ~/.zshrc file. Recently, however, I decided to backup settings for a few additional tools, including Sublime Text.

Guides on how to do this that you’ll find online typically suggest backing up the entire ~/Library/Application\ Support/Sublime\ Text\ 3/Packages/User folder.

My Googling, brought me to one such guide which I set out to follow.

Before committing and pushing the changes up to GitHub, I decided to take a look at the contents of the folder. To my horror I saw that the folder I was about to commit included a subfolder, sftp_servers/ which included files with the connection details for all the servers I had setup for the Sublime SFTP plugin. This included credentials to connect to some production instances!1.

I quickly unstaged this folder for commit and carefully reviewed its contents, committing only the files which contained settings I cared about.

Moral of the story: Don’t blindly commit the Packages/User folder as it may contain some sensitive information you wouldn’t want to make available on a public repo.


1 . Yes, I know connecting my editor to a production instance is a worst practice, but in the real-world it’s something that I’ve done before.

Max Chadwick Hi, I'm Max!

I'm a software developer who mainly works in PHP, but loves dabbling in other languages like Go and Ruby. Technical topics that interest me are monitoring, security and performance. I'm also a stickler for good documentation and clear technical writing.

During the day I lead a team of developers and solve challenging technical problems at Something Digital where I mainly work with the Magento platform. I've also spoken at a number of events.

In my spare time I blog about tech, work on open source and participate in bug bounty programs.

If you'd like to get in contact, you can find me on Twitter and LinkedIn.