v3ss0n a day ago

Daily reminder:

- Once it is on the internet, it is always there, so rotate the key/secrets FIRST.

- Never think secrets are gone because you have recommitted.

- Deleting a commit is not enough; use BFG Cleaner - https://rtyley.github.io/bfg-repo-cleaner/, and force commit to change history.

Edit - Forgot to add the most important thing - rotating the key.

weird-eye-issue a day ago | parent | next [-]

I think you mean "rotate the keys"

GrandaPanda a day ago | parent | prev | next [-]

Had it correct in the first two points, then contradicted yourself with the last. Rotate your secrets.

v3ss0n a day ago | parent [-]

Yeah, good point. Rotating secrets is a point I forgot to add.

hnlmorg a day ago | parent | prev [-]

The problem here is that GitHub keeps the ref logs even for commits that no longer exist.

I don’t see how BFG helps here

v3ss0n a day ago | parent [-]

It rewrites the history. Isn't that really enough? You can remove all the keys from the git history. And I agree, I forgot the point about rotating the key, which I always do first.

hnlmorg a day ago | parent | next [-]

No, it’s not enough. Read the article and it will explain why.

Also, if you’re going to rotate your secrets (which you absolutely should do regardless) then everything else is pointless because it’s now just an invalid credential.

Timwi a day ago | parent | prev [-]

It might remove it from your local repo, but not from GitHub, that's the point.