[Infrastructures] Version control over sensitive config files

[ph-infrastructure@bluepenguin.us]

This may be a bit of a newbie question, but then I'm pretty much a newbie
to CVS, so that's ok.

I'm trying to put some measure of control around a large Solaris-based
commercial application.  The application has a number of templates and
graphics that can be customized; I'm planning to manage those with CVS.
We've planning to have separate test, development, and production
environments; CVS should do very well at letting me keep unique versions
of those for each environment if necessary.

The application also has some config files with sensitive information -
clear text passwords for communicating with other applications.  (Not
what I'd like to see, but that's what I've got to work with.)  There are
perhaps 60 config files; perhaps 5 of them have this kind of sensitive
information.  The people who maintain template files and graphics should
not be automatically allowed to see these config files

The thought of putting those config files directly into CVS does not seem
like a great idea, but I would like some kind of version control or
tracking; these files control everything about how the application works.

One side note - I believe the the application itself makes changes to
these config files, so even if I use a CVS-like approach, I'm not always
going to be able to do the standard approach of making changes on a gold
server, then moving those changes out.  Before I realized that I had
password issues, I had considered periodically doing a CVS checkin from
the application's copy of these files to make sure everything was in sync.

I guess I could set up a unique CVS repository just for the config files;
other than that, I don't have any great ideas.  Thoughts?

-- Paul Holbrook
Atlanta, GA