34

// Rant

I can understand that people accidentally commit something sensitive to GitHub, I did it too once, but ...

WHY THE FUCK DO YOU MAKE YOUR MISTAKE WORSE BY MAKING IT SEARCHABLE VIA THE GLORIOUS COMMIT MESSAGE OF "REMOVING PASSWORD"

... seriously just google "git remove password" and there is a step by step guides on how to remove sensitive data from git.

Reference (320,006 free passwords):
https://github.com/search/...

Comments
  • 2
    Because they can?
    OK, I'm outta here!
  • 3
    I do that as well but I am sure it wont be useable since I revoked the tokens before.
  • 5
    Why would you not rebase this shit and make a push --force like I do on the shitter every day D:<
  • 5
    I knew someone who committed an API key by mistake. So she deleted the entire repository, made a new one with everything inside "initial commit" and pushed it.
    All this instead of just a simply Google search
  • 1
    Ghost of Jimmy hendrix: "Here I come baby, I'm comin to GITCHA"
  • 2
    It's already 320,306 😂
  • 3
    I once left my keys of my AWS account... Less than 24h after the push I had a debt of 1400€ to Amazon. They warned me that something was suspicious and refunded me.
    Good guy Amazon ! Now I triple check every commit.
  • 0
    @SubhrajyotiSen If you can delete the repo from the remote, you can as well do a soft reset before the faulty commit, make a correct new one, delete the repo and then push everything with all the history. The only pseudo advanced command is the reset, and if you are using git I bet you used it more than once.
    The real problem is when you cannot delete the remote.
  • 0
    @wil222 agreed. If you can't delete remote and if it's completely safe, maybe a force push after reset. But that person literally got rid of commit history and made everything go into one commit. Not even a squash
Add Comment