Comment by chipsrafferty
2 days ago
> Well, you might want to throw that entire repository away and restore it from a backup before the offending commit because it's so difficult to fix and guarantee that it's not hiding in there somewhere and while also not breaking something else.
I'm not a git expert but I can't imagine that's true
Of course it's not true - look into git filter-branch. I had to use it once when a developer checked in a whole bunch of binaries and created a PR which ended up being merged. I had to rewrite the history and delete the files from history - just deleting the files would not suffice because the files were in git history and were taking too much space.
It’s not, you just need to force push or generate a new key…
Perhaps proving the point here. That's not enough to eliminate the secret, the dangling commit will persist. Though this might be a nitpick, it's rather hard to get it from the remote without knowing the SHA.
> generate a new key
Is absolutely the right answer. If you pushed a key, you should treat it as already compromised and rotate it.
You also need to clear the caches of the remote
Yeah it doesn't seem hard to rewrite the commit history
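
The point raised in the thread about the old commit surviving a history rewrite, shown on a throwaway local repository. This is an added example, not part of any comment above; the file names and the key value are constructed.

```shell
#!/bin/sh
# Added demo on a throwaway repo: a commit removed from branch history by a
# rewrite is still readable by SHA until the reflog is expired and gc prunes it.
# The file names and the key value are constructed for illustration.

demo_dangling_secret() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        # Isolate from the user's git config and give commits an identity.
        export GIT_CONFIG_GLOBAL=/dev/null
        export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
        export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

        git init -q .
        echo "hello" > README
        git add README && git commit -q -m "initial"

        # The offending commit: real work plus a key checked in by mistake.
        echo "echo app" > app.sh
        echo "API_KEY=CONSTRUCTED-NOT-A-REAL-KEY" > config.env
        git add app.sh config.env && git commit -q -m "add app"
        leaked=$(git rev-parse HEAD)

        # Rewrite history: drop the file and replace the commit.
        git rm -q --cached config.env
        git commit -q --amend --no-edit

        # 1. The branch no longer lists the old commit...
        if git log --format=%H | grep -q "$leaked"; then in_log=yes; else in_log=no; fi
        # 2. ...but the old commit and its blob are still in the object store.
        if git cat-file -p "$leaked:config.env" 2>/dev/null | grep -q '^API_KEY='; then
            before=readable; else before=gone; fi

        # 3. Only expiring the reflog and pruning actually deletes the objects.
        git reflog expire --expire=now --all
        git gc -q --prune=now
        if git cat-file -e "$leaked" 2>/dev/null; then after=readable; else after=gone; fi

        echo "in_log=$in_log before_gc=$before after_gc=$after"
    )
    status=$?
    rm -rf "$repo"
    return "$status"
}

demo_dangling_secret
```

The prune step only affects the repository it runs in; a remote and every existing clone keep their own copies of the objects, which is why rotating the key is still required.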