-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sensitive data committed to history #9
Comments
Nice, that's the commit that added the Step 13: Remove historical reference to a previous
|
be191ce (HEAD -> main, origin/main, origin/HEAD) Merge pull request #8 from saipraveen-a/add-gitignore |
Nice, your log output is no longer showing reference to those previous commits. So, what exactly just happened? Our commit history has been modifiedYou probably noticed that when you ran the This is why you need to consider local work and branches that are based on this previous history. This is okay to run, as long as everyone contributing in the repository is aware of the situation and can plan accordingly. Is the sensitive information gone?Those commits no longer show in the file contents in your repository history. You can see this by navigating to your repository's commit history and clicking on the "Add .env file" commit. Notice that there are now no referenced files or content recorded. However, we can still access the cached commit if we know the old commit ID: 848cd8c Removing the old cached commitsThis is where we'll need to contact the amazing GitHub Support team for assistance. Even though we removed these commits, the historical reference to them can still be found if you know the commit ID. In a real world situation, you'll need to contact GitHub Support to perform the following:
For our situation, we can skip contacting GitHub Support for this example! 😄 Find your final issue here now. |
Sensitive data elsewhere in the repository contents
Often sensitive data is buried deep in a repository's history. The process for removing these files and commit data is a bit tricker and more involved.
In our repository's history, there is a reference to a
.env
file with sensitive information. We've since added a.gitignore
to prevent this from happening in the future, but it doesn't modify any previously committed references from the history.There are a few things we need to think about and take into consideration before we start altering our historical content. But for now, let's start with identifying the commit in question by going through our commit history.
Step 12: Find historical reference to a previous
.env
filecommits
link directly under the Code tab.env
fileI'll respond below when you add your comment to this issue.
The text was updated successfully, but these errors were encountered: