😖 I accidentally pushed sensitive info! #21529
-
I accidentally pushed a commit that listed my database credentials. How can I change that commit and make sure that information isn’t listed in my history? |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments
-
HIiiiii! This totally happens sometimes, and you are not alone! In fact, it happens enough that we have a whole Help Doc on this: https://help.github.com/articles/removing-sensitive-data-from-a-repository/. I hope that helps and good luck! ❤️ |
Beta Was this translation helpful? Give feedback.
-
Ironically, you may have posted sensitive info when you created this post --> your github username. If you pushed sensitive information to a public repository, your original post implicitly told careful readers exactly where to go to find that sensitive information. |
Beta Was this translation helpful? Give feedback.
-
It’d probably be wise to change the credentials now also. AFAIK GitHub does not garbage collect, so anyone with the commit ID can still view the commit (even through the GitHub UI). |
Beta Was this translation helpful? Give feedback.
-
Yeah, I’d consider the credentials compromised at this point as well. That being said, as it mentions in the Help Doc @elizabethn pointed @tzmanics to, we can gc and clear the cache on a repository as needed. You just have to let us know that you’ve already done the other steps in that doc and then we’re happy to help make sure that the old URL is inaccessible :) |
Beta Was this translation helpful? Give feedback.
HIiiiii! This totally happens sometimes, and you are not alone! In fact, it happens enough that we have a whole Help Doc on this: https://help.github.com/articles/removing-sensitive-data-from-a-repository/.
I hope that helps and good luck! ❤️