As a developer, it’s common practice to back up your system settings to a remote git repository. Conventionally, these repositories are given the name “dotfiles”.
I’ve long had such a repository containing a ~/.zshrc file. Recently, however, I decided to back up settings for a few additional tools, including Sublime Text.
Guides on how to do this that you’ll find online typically suggest backing up the entire ~/Library/Application\ Support/Sublime\ Text\ 3/Packages/User folder.
My Googling brought me to one such guide, which I set out to follow.
Before committing and pushing the changes up to GitHub, I decided to take a look at the contents of the folder. To my horror, I saw that the folder I was about to commit included a subfolder, sftp_servers/, which included files with the connection details for all the servers I had set up for the Sublime SFTP plugin. This included credentials to connect to some production instances! [1]
I quickly unstaged this folder for commit and carefully reviewed its contents, committing only the files which contained settings I cared about.
Moral of the story: Don’t blindly commit the Packages/User folder, as it may contain some sensitive information you wouldn’t want to make available on a public repo.
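One way to do the review described above before staging anything, as an added example that is not part of the original post: a shell check that lists files under sftp_servers/ and files containing credential-like keys. The key-name pattern, function names and sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag files in a settings folder before committing it to a
# public dotfiles repo. The key names are assumptions, not an exhaustive list.
SECRET_KEYS='"(password|passphrase|ssh_key_file|private_key|token|secret)"[[:space:]]*:'

# Print every file that needs a manual look, one path per line.
audit_settings_dir() {
    {
        # Rule 1: anything under sftp_servers/, the folder the post describes.
        find "$1" -type f -path '*/sftp_servers/*'
        # Rule 2: any file that assigns a value to a credential-like key.
        grep -rlE -- "$SECRET_KEYS" "$1" 2>/dev/null
    } | sort -u
}

# Return 0 only when nothing was flagged; otherwise list the files on stderr.
check_settings_dir() {
    flagged=$(audit_settings_dir "$1")
    [ -z "$flagged" ] && return 0
    printf 'Review before committing:\n%s\n' "$flagged" >&2
    return 1
}

# Constructed sample tree (hypothetical hosts and values, not real settings).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/sftp_servers"
    printf '{ "host": "prod.example.com", "user": "deploy", "password": "constructed" }\n' \
        > "$d/sftp_servers/prod"
    printf '{ "font_size": 12 }\n' > "$d/Preferences.sublime-settings"
    printf '{ "api": { "token": "constructed" } }\n' > "$d/SomePlugin.sublime-settings"
    echo "$d"
}

sample=$(make_sample)
check_settings_dir "$sample" || echo "Not committing this folder as-is."
rm -rf "$sample"
```

A clean result from pattern matching only narrows what to read by hand; plugins can store credentials under key names the pattern does not cover.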
[1] Yes, I know connecting my editor to a production instance is a worst practice, but in the real world it’s something that I’ve done before.
Hi, I'm Max!
If you'd like to get in touch with me the best way is on Twitter.