I accidentally committed a sensitive password into source control

时间:2015-06-25 18:21:15

标签: git

I accidentally committed a sensitive password into source control before pushing to the central repository.

I removed the password from my code and did git add -A . && git commit --amend and then git push origin master.

Is there any trace of the sensitive password in Git? In other words, when you run git commit --amend, does Git have any trace of the commit containing the sensitive data?

(I changed the password just to be sure.)

3 个答案:

答案 0 :(得分:0)

您首先需要以交互方式重新绑定并删除提交。 This guide有更多信息。这是通过git rebase -i --root master完成的。

在本地重新定位之后,您需要强制将提交推送到远程。请注意,这将破坏远程存储库的所有克隆副本的历史记录。理想情况下,您需要完全删除工作副本,然后再次git clone。强制推动:git push --force origin master

答案 1 :(得分:0)

如果在修改提交之前没有按下,则遥控器中没有密码跟踪。

但是,在提交垃圾回收之前,敏感密码仍然存在于本地存储库中。 git reflog将显示仍包含密码的提交。运行git gc将触发垃圾收集并从本地存储库中删除所述提交。

有关git gc的更多信息:https://www.kernel.org/pub/software/scm/git/docs/git-gc.html

答案 2 :(得分:-1)

Assuming that the commit that contained the password was the latest commit when you did git commit --amend, then the password should be totally removed. You can confirm this by checking out the relevant commits and looking for the password.