Outsourcing / external development philosophy issues aside for the moment, I'm curious what strategies others use for minimizing risk in terms of access to our codebase. Maybe I'm paranoid, but I would feel more comfortable delivering a semi-doctored repository which doesn't include things like API keys, user data, etc. until we are able to build a trusting relationship.
I don't think spending more than a few hours on such a solution is a good use of our time (we are young and fledgling, as I mentioned, and I don't mean to exaggerate the value of our codebase / data). That said, however, I'm thinking of writing a script to do something like:
- clone our repository
- strip out sensitive pieces of data (API keys)
- remove the repository files (.git/) (on 2nd thought, I guess this is a double-edged sword. It's safe b/c it prevents access to sensitive data, but OTOH it makes the VCS merge case much more cumbersome)
So what strategies have you had luck with in this type of scenario?
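The three steps listed in the post as a shell script, added here as an example and not the poster's own code. The secret-name patterns, the `REDACTED` placeholder, the `REPO_URL` variable and the function names are assumptions; the last step fails closed if any secret-looking assignment survives redaction.

```shell
#!/bin/sh
# Added example. Run it on a throwaway clone, never on your working copy:
#   git clone --depth 1 "$REPO_URL" handoff && sanitize_clone handoff

# Assumption: secrets live in env-style NAME=value or NAME: value lines.
SECRET_NAMES='[A-Za-z0-9_]*(API_KEY|SECRET|TOKEN|PASSWORD)[A-Za-z0-9_]*'

# redact_secrets DIR: replace the value of every matching assignment in place.
redact_secrets() {
    tmp=$(mktemp)   # scratch file outside DIR so find never sees it
    find "$1" -type f | while IFS= read -r f; do
        grep -qE "${SECRET_NAMES}[[:space:]]*[:=]" "$f" || continue
        sed -E "s/(${SECRET_NAMES}[[:space:]]*[:=][[:space:]]*).*/\1\"REDACTED\"/" \
            "$f" > "$tmp" && cat "$tmp" > "$f"
    done
    rm -f "$tmp"
}

# find_leftovers DIR: print secret-looking assignments that were not redacted.
# Case-insensitive on purpose, so names the redaction pattern missed show up.
# Exit status 0 means something was found.
find_leftovers() {
    grep -rniE '(api_?key|secret|token|password)[a-z0-9_]*[[:space:]]*[:=]' "$1" |
        grep -v 'REDACTED'
}

# sanitize_clone DIR: drop history, redact, then refuse to pass if hits remain.
sanitize_clone() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    # Old key values stay reachable through history even after the files change.
    rm -rf "$dir/.git"
    redact_secrets "$dir"
    if find_leftovers "$dir" >&2; then
        echo "unredacted secret-looking lines remain; review before sharing" >&2
        return 1
    fi
    return 0
}
```

A non-zero exit from `sanitize_clone` means the printed lines need a manual look (or a wider `SECRET_NAMES`) before the directory is handed over.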