Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Locking down access to a repository branch

Dawn Garner
Dawn Garner
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 8, 2018

Hi all,

Due to confidential nature of a new project (must be approved and sign NDA to work on it), we need a way to lock down a branch so that it can't be viewed by some of the members of our development team. This means not even read access. I have not found a way to do this other than creating a fork (which then adds a number of additional complexities and unknowns that we are not excited about). Is there a workaround that anyone has come across? Some way to even set up password access for a branch or something?

Suggestions are much appreciated.

Thanks, 

Dawn

Answer
Watch
Like Be the first to like this
1125 views

1 answer

1 accepted

1 vote
Answer accepted
Julius Davies [bit-booster.com]
Julius Davies [bit-booster.com]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 9, 2018

 

You cannot have branches in Git that are invisible to some people.

You'd have to implement this by using a fork.   

 

 

Question:  would this secret branch ever merge back into master or other mainline branches?  

View More Comments
Dawn Garner
Dawn Garner
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 9, 2018

Thanks so much for the info - was afraid of that.

Yes, we do need to merge it back in to the master upstream branch once the project is completed. Plus we have other ongoing projects happening off of that master upstream branch. This is the nightmare scenario I was hoping to avoid.

I haven't found much information online yet on how to efficiently handle this issue, but I would think other companies out there would have this same need - was hoping to find a creative workaround someone else had figured out.

Like
Julius Davies [bit-booster.com]
Julius Davies [bit-booster.com]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 9, 2018

 

The moment you merge back into the original 'master' branch, all the work (up to the point of the merge) will become visible to everyone in the original repository.  Are you okay with that?

Is the main problem keeping the fork's master in-sync with upstream master?  To keep the fork up to date, I would recommend the following setup:

1.  In the fork's config, make 'master' read-only except for a special service account (don't let the secret project team push or merge to 'master').

2.  Setup a clone on a restricted server somewhere that has access to both upstream and the fork and has the special "service account" credentials to push to fork/master.  Something like this:

git clone --bare [original-clone-url]
cd [original-clone.git]
git remote add fork [fork-clone-url]

 

3. On that same restricted server setup a cron job that runs every minute and just does the following over and over again, once per minute!

git fetch origin
git push --force origin/master:fork/master

 

That will keep the fork's 'master' always identical to upstream's master.  The secret project work would need to happen on a different branch, but they can take merges from fork/master or rebase on top of fork/master whenever they like.  (And they should probably do so often).

Good luck!

  

Like Dawn Garner likes this
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security