๐Ÿ˜– I accidentally pushed sensitive info!

I accidentally pushed a commit that listed my database credentials. How can I change that commit and make sure that information isnโ€™t listed in my history?
:bowing_man: thank you in advance for any help!

2 Likes

HIiiiii! This totally happens sometimes, and you are not alone! In fact, it happens enough that we have a whole Help Doc on this: https://help.github.com/articles/removing-sensitive-data-from-a-repository/.

I hope that helps and good luck! :heart:

26 Likes

Ironically, you may have posted sensitive info when you created this post --> your github username.ย  If you pushed sensitive information to a public repository, your original post implicitly told careful readers exactly where to go to find that sensitive information.ย 

15 Likes

Itโ€™d probably be wise to change the credentials now also.

AFAIK GitHub does not garbage collect, so anyone with the commit ID can still view the commit (even through the GitHub UI).

1 Like

Yeah, Iโ€™d consider the credentials compromised at this point as well. That being said, as it mentions in the Help Docย @elizabethn pointedย @tzmanics to, we can gc and clear the cache on a repository as needed. You just have to let us know that youโ€™ve already done the other steps in that doc and then weโ€™re happy to help make sure that the old URL is inaccessible :)ย 

1 Like