0

So I created an .env file and had the impression that .env files do not get commited, however, it did. Since it contains a Google API key, I edited the .env file straight away and removed the key from it, however, I wonder if there's a way for people to see what changes have been done to that .env file ( like removing text which in my case is the API key )

Onyx
  • 5,186
  • 8
  • 39
  • 86
  • Yes, you can see the commits for a repo on `https://github.com///commits/` – jonrsharpe May 28 '19 at 07:20
  • 2
    Possible duplicate of [Remove sensitive files and their commits from Git history](https://stackoverflow.com/questions/872565/remove-sensitive-files-and-their-commits-from-git-history) – maazadeeb May 28 '19 at 07:20
  • Yes I can indeed see the commit. Can you point me to which command should I use to remove it as the recommended post contains loads of commands which don't make too much sense to me. – Onyx May 28 '19 at 07:36
  • The only good move is to revoke the key. History doesn't matter. – Philippe May 28 '19 at 08:07

2 Answers2

4

revoke the current key and create a new one (for safety reasons)

you can remove it by filtering the branch you are working on by using git filter-branch

you can find about it in details here

https://help.github.com/en/articles/removing-sensitive-data-from-a-repository

technolaaji
  • 359
  • 2
  • 8
0

You must consider this key already exposed, revoke it and create a new one.

After that, it's at your convenience if you want to take time and efforts to remove it from your history...

For the future, you could use git-secrets to prevent committing it as it is explained in google best practices to keep key safe

Philippe
  • 28,207
  • 6
  • 54
  • 78