dcqdva
Last Updated: February 25, 2016
·
602
· shakeelmohamed
Profile 500

"Oops, I pushed a commit with something sensitive to a public GitHub project!"

So you accidentally pushed a commit with some credentials. Shame on you.

Here's a potential solution:

  1. Make the GitHub repository private
  2. Rename the repository, maybe just append "-backup"
  3. Make a note of the offending commits
  4. Run git fetch --all
  5. Create a new GitHub repo with the same name, this will break the automatic aliasing GitHub does when you rename a repo
  6. Do all kinds of rebase and/or filter-branch locally to make sure the credentials don't exist at any commit. This might take a while if you have to rebase more than a few commits.
  7. Run git garbage collection: git gc --aggressive
  8. Make sure none of the offending SHAs exist, you can just grep inside the .git directory of your local repo.
  9. Run git push --all -f to push all the branches, assuming you've already fetched them in step 4.

Picture

Preventing this in the future

  • Tell the person who made the commit the consequences of what just happened.
  • More importantly, try to figure out why it happened, maybe they were under a tight deadline and got a bit sloppy - it happens to the best of us.
  • Try to store credentials in environment variables, config files that are added to your .gitignore, or any way you can keep them out of your code.

Picture

Say Thanks
Respond

3 Responses
Add your response

20814
Ffebdf905fae3278a260ed03c9d165c7

You should likely just refresh the keys (ssh/api/etc). Some of those methods get rid of the github events, but services likely log most (all?) or those events and can still get that key as the event happens.

over 1 year ago ·
20815
Ffebdf905fae3278a260ed03c9d165c7

You should likely just refresh the keys (ssh/api/etc). Some of those methods get rid of the github events, but services likely log most (all?) or those events and can still get that key as the event happens.

over 1 year ago ·
20816
Profile 500

True, that's another option :)

over 1 year ago ·