| ▲ | ggm a day ago | ||||||||||||||||||||||||||||||||||||||||
Maybe a default secure delete option could be made a lower bar event? Checkout to event, commit in clean state with prior log history, overlay the state after the elision and replace git repo? When I had to retain log and elide state I did things like this in RCS. Getting date/time info right was tricky. | |||||||||||||||||||||||||||||||||||||||||
| ▲ | Sayrus a day ago | parent | next [-] | ||||||||||||||||||||||||||||||||||||||||
If you push a secret publicly, you should consider it leaked. On GitHub, you have 5 minutes on a non-watched repository (due to the delay) and less than 30 seconds on a watched repository to revoke it before it's been cloned and archived by a third-party. Whether that party is malicious or not, rewriting the Git history will not change anything that the secret is leaked. And you can already rewrite the Git History and garbage collect commits that aren't part of the tree anymore on most providers. | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
| ▲ | volemo a day ago | parent | prev | next [-] | ||||||||||||||||||||||||||||||||||||||||
If something got out to the internet, you won't get it back. There is little point in rewriting repo history if you have already made a secret public. Just change the secret as soon as you can. | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
| ▲ | tobyhinloopen a day ago | parent | prev [-] | ||||||||||||||||||||||||||||||||||||||||
Anything pushed is to be considered leaked. You might as well leave the commit in and invalidate the secret. | |||||||||||||||||||||||||||||||||||||||||