# Heroku + Github + Sensitive Data
**Scenario**:
You deployed a Heroku project that contains sensitive data (password, API key, etc) but you want to share it on Github.

**Problem**:
You need to commit all files necessary for the application to run on Heroku. However, pushing this to Github would reveal the sensitive info.

**Solution**:
Have a production branch (for this example, master will be the production branch) and a Github branch. The latter contains a different .gitignore that ignores the sensitive files.

A. Assuming you already have a remote for Heroku, add one for Github ````git remote add github https://github.com/you/repo.git````.

B. First, make sure you have a backup copy of the file you're going to remove. Next, the file that contains the sensitive data from your repo and commit history (via https://help.github.com/articles/remove-sensitive-data)

   ````
 git filter-branch --force --index-filter \
 'git rm --cached --ignore-unmatch sensitive_data.js' \
 --prune-empty --tag-name-filter cat -- --all
   ````

C. At this point the file will have been deleted. Add ````sensitive_data.js```` to ````.gitignore````.

D. Commit these changes ````git commit -m "Removed semsitive data and updated gitignore"````.

E. At this point your project is ready for Github. Create a branch for Github ````git branch github```` and push ````git push github github --force````.

F. Now you can remove ````sensitive_data.js```` from ````.gitignore````, make sure the file exists, and commit those changes and push to Heroku ````git push heroku master --force````.

G. Branch ````master```` is now one commit ahead of branch ````github````. If we were to merge or rebase this commit into branch ````github```` it would become infected with the data we just removed! But what if you want to otherwise keep the two branches in sync, i.e. you add some text to a page on branch ````master````, commit the changes, and now you want that commit to show up on Github. To do this, run ````git log````, copy the SHA value, then

   ````
      git checkout github
      git cherry-pick *commitID*
      git push github github
   ````

You'll notice that when you switch between branches everything should be identical, except for the presence of the one file that contains the sensitive data and the corresponding line in ````.gitignore````.

A very hack-tastic "solution"!