
Say I accidentally push code in a file containing a credit card number to a publicly viewable github repo (this didn't actually happen). Say I quickly realize this, and then push an update to the public repo. Is there any way for members of the public to view the previous version of the file I pushed, and see the credit card number? Or does the public just see commit history and date, but not changes made?

V0ltair3

  • Does this answer your question? [Completely remove every trace of git commit](https://stackoverflow.com/questions/32787200/completely-remove-every-trace-of-git-commit) – pkamb Oct 17 '20 at 01:55
  • Or https://stackoverflow.com/questions/872565/remove-sensitive-files-and-their-commits-from-git-history – pkamb Oct 17 '20 at 01:56
  • As long as people have access to the git repo, anyone can see any commit and any changes on there. Check any public repo and the commits. Here's an [example from Flask](https://github.com/pallets/flask/commit/8c6baeedab60e0041317c2709df100dfd216c2ef). The question you *should* be immediately asking instead is **how to remove** that part of that repo's history. – Gino Mempin Oct 17 '20 at 01:57

2 Answers

If you make a new commit which deletes the credit card number, yes, everyone can see the old commit with the credit card number in it.

If you "rewrite" (actually replace) the commit, for example with git commit --amend or an interactive rebase and git push --force-with-lease, then no, the old history will not be publicly visible unless something else references the old commit, like a tag or other branch or a reference to the commit on Github. It will still exist in your local repository; follow these instructions to get rid of it.

See Rewriting History in Pro Git for more.

Schwern
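The distinction in the answer above, shown on a local scratch repository as an added example (not code from either answer): a follow-up commit that deletes the secret leaves the old blob reachable through the parent commit, while amending the commit and then expiring the reflog and pruning removes the blob from the local object store. It only covers the local side; the force push to the remote and the GitHub Support step are not exercised. The repository path, author identity and card number are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original answers. Demonstrates locally that a
# "delete the secret" commit keeps the old content reachable, whereas
# git commit --amend followed by reflog expiry and gc --prune=now removes it.
set -e

# Create a scratch repository with one commit containing a constructed secret.
setup_repo() {
  dir=$(mktemp -d)
  git -C "$dir" init -q
  git -C "$dir" config user.email "demo@example.invalid"   # placeholder identity
  git -C "$dir" config user.name "Demo"
  printf 'CARD_NUMBER=4111-1111-1111-1111\n' > "$dir/config.txt"  # constructed value
  git -C "$dir" add config.txt
  git -C "$dir" commit -q -m "add config"
  echo "$dir"
}

# Print the blob id of config.txt in the current HEAD commit.
head_blob() {
  git -C "$1" rev-parse HEAD:config.txt
}

# Scenario 1: a new commit removes the secret. The old blob is still reachable
# via the parent commit, so anyone with the repository can read it.
delete_with_new_commit() {
  dir=$1
  printf 'CARD_NUMBER=<redacted>\n' > "$dir/config.txt"
  git -C "$dir" commit -q -am "remove secret"
  git -C "$dir" rev-parse HEAD~1:config.txt   # the leaked blob, still present
}

# Scenario 2: amend the commit instead, then drop the reflog entries that still
# point at the old commit and prune unreachable objects immediately.
amend_and_prune() {
  dir=$1
  printf 'CARD_NUMBER=<redacted>\n' > "$dir/config.txt"
  git -C "$dir" commit -q -a --amend -m "add config"
  git -C "$dir" reflog expire --expire=now --all
  git -C "$dir" gc -q --prune=now
}

# Exit status 0 if object $2 exists in repository $1, non-zero otherwise.
blob_exists() {
  git -C "$1" cat-file -e "$2" 2>/dev/null
}
```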

Yes, there is. Anyone who knows the blob, commit, or tree that was pushed can access the old files because GitHub does not normally garbage collect data (although there's no guarantee that they do or don't). Even if you rewrite history to remove that secret from all branches and tags, the old objects almost certainly still exist and can be accessed.

Literally anything secret you push to a public repository is compromised the second you push it; there are bots which literally comb repositories for secrets to exploit. If you pushed a credit card number, you need to report that as compromised to the appropriate party; if you pushed a password or token, revoke it and create a new one.

GitHub has instructions on how to remove sensitive data, but those involve contacting GitHub Support to remove the old objects. Even if you follow that procedure, you have to assume that every secret committed to a public repository is universally known once pushed.

bk2204