
I was working on a project which uses the API secret ids to perform a particular task. Initially, I used them (secret ids) as a string in my project and committed it to git. Later I moved those secret ids to my environment variables and again committed and pushed it to GitHub. Now when I go to the last commit, it shows the commit difference between the file (as usual) and it also shows the secret ids which I used before as a string in my code.


This can cause security issues. How can I make a commit not show the commit diff for a particular commit? Or any alternative solutions would be appreciated.

kiranr
  • https://docs.github.com/en/github/authenticating-to-github/removing-sensitive-data-from-a-repository – Boldewyn Jan 23 '21 at 21:16
  • I don't know if it is possible in the GitHub UI to "hide" this from a commit view (I doubt it). But even if it were, anybody can still clone the repository and access the sensitive data. – mkrieger1 Jan 23 '21 at 21:22
  • You should not be committing sensitive data in the first place. It's as simple as that. – matt Jan 23 '21 at 21:33
  • @mkrieger1 ik I should not have committed with the sensitive data being in my file. But now changing the password is the way. Thank you. – kiranr Jan 23 '21 at 21:36
  • "but now changing the password is the way" No it isn't. You need to rewrite this whole repository to get this info out of there. – matt Jan 23 '21 at 21:54

1 Answer


To answer the question as asked: No, you can't tell git to say that a file is unchanged if it's changed. But there's a bigger issue here:

> This can cause security issues.

You're way past that point. As soon as you pushed a commit that had the secret in it, the secret was compromised and the only option is to change it. Even if you could suppress the diff, someone could check out the previous version; the history is the entire point of git. You could rewrite the history, but even that wouldn't take the secret away from anyone who already has it.

Mark Adelsberger
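The point made in the answer, as an added example that is not part of the original post: a shell audit that builds a constructed two-commit repository (hardcoded secret, then environment variable) and checks that the literal is gone from HEAD yet still present in history. The file name `config.py`, the secret value and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a repository's history for a leaked literal.
# The repo layout, file name and secret value below are constructed.

DEMO_SECRET="sk_demo_CONSTRUCTED_0000"   # constructed placeholder, not a real key

# g REPO ARGS...: run git in REPO with a throwaway identity so commits work anywhere
g() {
    repo=$1; shift
    git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgsign=false "$@"
}

# make_demo_repo DIR: commit 1 hardcodes the secret, commit 2 moves it to an env var
make_demo_repo() {
    git init -q "$1" || return 1
    printf 'API_SECRET = "%s"\n' "$DEMO_SECRET" > "$1/config.py"
    g "$1" add config.py && g "$1" commit -q -m "add api client"
    printf 'import os\nAPI_SECRET = os.environ["API_SECRET"]\n' > "$1/config.py"
    g "$1" commit -q -am "read secret from environment"
}

# secret_in_head DIR LITERAL: succeeds if the literal is in the tree at HEAD
secret_in_head() {
    g "$1" grep -q -F -e "$2" HEAD --
}

# commits_touching_secret DIR LITERAL: print every commit on any ref
# whose diff adds or removes the literal (git's "pickaxe" search)
commits_touching_secret() {
    g "$1" log --all --format=%H -S"$2"
}

# secret_recoverable DIR LITERAL: succeeds if some historical tree
# still contains the literal, i.e. the secret must be rotated
secret_recoverable() {
    for c in $(commits_touching_secret "$1" "$2"); do
        g "$1" grep -q -F -e "$2" "$c" -- && return 0
    done
    return 1
}
```

On the demo repository `secret_in_head` fails while `secret_recoverable` succeeds, which is why moving the value to an environment variable in a later commit does not undo the exposure. Running `commits_touching_secret . 'literal'` in your own clone lists the commits a history rewrite would have to cover.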