From time to time you will, by mistake, commit a file with sensitive information to a Git repository. It is a very unpleasant situation, because you have exposed your secrets to the whole internet if it was a public repository.
GitHub (and probably other repository providers too) has a nice feature: it scans all newly committed files for likely sensitive data and notifies you about it. Even Amazon should have something similar, because when I committed and pushed a .env file with an API key for an Amazon service, I got mail from Amazon about it and that key was temporarily disabled.
When it happens to you, fortunately there is a way to remove that file. But do it as quickly as possible, because every second your secrets stay exposed like this raises the likelihood of abuse.
I would also suggest that when the data was exposed for more than a few hours, you should also change all those passwords, regenerate secret keys, etc.
- Create a .gitignore file, if you haven’t already
- Edit .gitignore to match the file/folder you want to ignore
- Execute the following command: git rm --cached path/to/file. Git will list the files it has deleted. The --cached flag should be used if you want to keep the local copy but remove it from the repository.
- Verify that these files are being deleted from version control using git status
- Push the changes to the repository
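The steps above, run in a throwaway repository with checks on the result. This is an added example, not part of the original post; the file name .env, the key value and the helper function names are constructed for illustration. It also shows that the commit made before the cleanup still contains the file, which is why the advice above to change exposed passwords and keys applies.

```shell
#!/bin/sh
# Build a scratch repo with a committed .env (constructed sample data),
# then apply the steps from the list and print the path of the repo.
make_demo_repo() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" &&
        git init -q . &&
        git config user.email "demo@example.invalid" &&
        git config user.name "Demo" &&
        git config commit.gpgsign false &&
        printf 'API_KEY=constructed-sample-value\n' > .env &&
        git add .env &&
        git commit -q -m "add settings" &&       # the mistaken commit
        printf '.env\n' >> .gitignore &&         # create/edit .gitignore
        git rm -q --cached .env &&               # untrack, keep local copy
        git add .gitignore &&
        git commit -q -m "stop tracking .env"
    ) >/dev/null 2>&1 || return 1
    printf '%s\n' "$d"
}

# Succeeds if the path is absent from the current index.
is_untracked() { [ -z "$(git -C "$1" ls-files -- "$2")" ]; }

# Succeeds if the path is matched by an ignore rule.
is_ignored() { git -C "$1" check-ignore -q -- "$2"; }

# Number of commits on any ref that add, change or delete the path.
commits_touching() { git -C "$1" log --all --oneline -- "$2" | wc -l | tr -d ' '; }

# Content of the path as stored in the commit before the cleanup commit.
old_copy() { git -C "$1" show "HEAD~1:$2"; }

repo=$(make_demo_repo) && {
    is_untracked "$repo" .env && echo "index:   .env is no longer tracked"
    is_ignored "$repo" .env && echo "ignore:  .env matches .gitignore"
    [ -f "$repo/.env" ] && echo "disk:    local copy kept"
    echo "history: $(commits_touching "$repo" .env) commits still reference .env"
    echo "earlier commit still holds: $(old_copy "$repo" .env)"
    rm -rf "$repo"
}
```
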