I was careless enough to forget not to include access credentials in my .gitignore and I pushed a file with security codes to my repo on github. Now, I've deleted the file on the last commit, but I can't seem to find a way to delete the file from github history so noone can see the history of changes and this way, the codes. I can't do it manually on github, as it says that I 'must be on a branch to make or propose changes to this file'. Since pushing that file I've done some other commits already. How do I fix that? I've changed the security codes already, but I would like to delete the old ones anyway. all the codes can still be viewed in the history
Asked
Active
Viewed 44 times
0
-
Esp. this answer: https://stackoverflow.com/a/32840254/7976758 – phd Feb 13 '21 at 00:06
-
https://stackoverflow.com/search?q=%5Bgit%5D+remove+sensitive+file – phd Feb 13 '21 at 00:07
1 Answers
3
The safest thing is to assume that someone has already downloaded the credentials. Your question indicates you have already pushed them to github. Even if you do rewrite history, they are compromised and need to be changed.
Chris Foley
- 454
- 3
- 5
-
1That's the most impart part. You need to assume the file has been already compromised. Then, in order to delete the file from history, you need to rewrite history of the project. https://docs.github.com/en/github/authenticating-to-github/removing-sensitive-data-from-a-repository – eftshift0 Feb 12 '21 at 23:59
-
I want to say I know why this worked, but I have no idea. I tried the github solution before writing this post and it didn't seem to do anything, but after attempting it for the 10th time now I hit the spot and it worked, eventually. – jacobssohn Feb 13 '21 at 16:47