Best practice is to never commit any sensitive data (e.g. keys) to any repo. Ignore the file like you said and store a copy somewhere safe (DropBox, OneDrive, iCloud, whatever you use).
Note that if you’ve ever committed a sensitive file to a repository it’s still stored in the repository history. You have to use something like bfg to clean out sensitive files before making the repo public.
Best practice is to never commit any sensitive data (e.g. keys) to any repo. Ignore the file like you said and store a copy somewhere safe (DropBox, OneDrive, iCloud, whatever you use).
Note that if you’ve ever committed a sensitive file to a repository it’s still stored in the repository history. You have to use something like bfg to clean out sensitive files before making the repo public.
Luckily I have published only versions with
<your-key-here>
values.So the best way is to ignore the config file, use it for local development and store a copy outside... Uhm, it looks cumbersome, but it makes sense