CLI: Can .netlify/state.json be put into a public repository?

Quick question: Can the .netlify/state.json file (using Netlify CLI) containing the ID of my website be put into a public repository? I am unsure, because in my mind it’s “just” an ID to a property that nobody other than the people associated with the project via Team Settings can access. I have the whole .netlify folder in my “repo cleanup” routine, but have to re-connect to the Netlify property every time I re-clone the projects.

Is there anything privacy- or security-relevant connected to that file, or can I safely add it to my repository?

Note: that repo is public.

Hi @davidsneighbour

Firstly, thanks for all your help in the Hugo forums, happy to see you here!

About your question, you can put the file in a public repo; as you’ve seen, it contains only the Site ID. But I’d still advise against it.

The reason why the CLI adds .netlify to your .gitignore is because the CLI uses that folder for other stuff too. For example, it creates some Function and Edge Function bundles or other relevant (temp) files in that folder. By removing .netlify from your .gitignore, you can potentially end up uploading that unwanted stuff too.

Lastly, if the CLI ever changes and ends up adding some sensitive data to that folder, that might accidentally get committed to your repo too.

Also, if someone clones your repo and tries to use Netlify CLI, the CLI will try to connect to that Site ID and the user will get a 401 error - an additional step for them to delete that file and relink their site.

All in all, I think having to relink your site is a fair trade-off given these problems - in most cases, a user should not have to clone their own repo multiple times (or at least that must have been the assumption when deciding this feature).

Hi Hrishikesh, thank you 🙂

My idea was to use the following in the .gitignore:

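# Ignore the folder's contents rather than the folder itself:
# Git cannot re-include a file whose parent directory is excluded.
.netlify/*
!.netlify/state.json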

which should solve the issues with other files in that folder you mention.

But you are right, let’s not hope nothing changes and the point with others cloning the repo is right too (didn’t think of that). I will put the whole thing into the documentation then 🙂 Post-Install-Steps.

Thanks for your help!
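
A guard for the concern raised in the reply above, that other files or future sensitive data in .netlify could end up committed: a pre-commit check, added here as an example and not part of the thread or of Netlify CLI, that lets only .netlify/state.json through and only while it holds nothing but the Site ID. The key name `siteId`, the sample ID and the hook wiring are assumptions.

```python
import json
import subprocess
import sys

STATE_PATH = ".netlify/state.json"
ALLOWED_KEYS = {"siteId"}  # assumption: key name the CLI uses for the Site ID
SAMPLE_OK = '{"siteId": "00000000-constructed-sample-id"}'  # constructed sample


def audit_state(text):
    """Return problems in state.json contents, naming keys but never values."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError:
        return ["state.json is not valid JSON"]
    if not isinstance(data, dict):
        return ["state.json top level is not an object"]
    problems = []
    extra = sorted(set(data) - ALLOWED_KEYS)
    if extra:
        problems.append("unexpected keys in state.json: " + ", ".join(extra))
    if "siteId" in data and not isinstance(data["siteId"], str):
        problems.append("siteId is not a plain string")
    return problems


def audit_commit(staged_paths, state_text=None):
    """Flag anything staged under .netlify/ except a clean state.json."""
    problems = [
        "unexpected file staged: " + p
        for p in staged_paths
        if p.startswith(".netlify/") and p != STATE_PATH
    ]
    if STATE_PATH in staged_paths:
        problems += audit_state(state_text or "")
    return problems


def git(*args):
    return subprocess.run(["git", *args], check=True,
                          capture_output=True, text=True).stdout


if __name__ == "__main__":  # assumption: installed as .git/hooks/pre-commit
    # Only added/copied/modified/renamed entries; deletions have no staged blob.
    staged = git("diff", "--cached", "--name-only", "--diff-filter=ACMR").splitlines()
    text = git("show", ":" + STATE_PATH) if STATE_PATH in staged else None
    found = audit_commit(staged, text)
    for line in found:
        print("pre-commit: " + line, file=sys.stderr)
    sys.exit(1 if found else 0)
```

The check reads the staged blob (`git show :path`) rather than the working-tree file, so it judges exactly what the commit would publish.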