I pushed my API key to GitHub and pushed another commit that hid it. Can someone who clones my repo get the key from the earlier commit?
GitHub lets everybody download the whole git repository, which contains the whole project history (meaning the state of the repo at every commit can be rebuilt). You can even read and search the history online without cloning.
So yes, it's easy to find what you thought you deleted (you can have fun yourself searching for such removed keys in other repositories).
But this is a common enough problem, and there are solutions. That's why GitHub came up with a permanent page helping you deal with the "oops I committed the API key" moment: https://help.github.com/en/articles/removing-sensitive-data-from-a-repository
Note that it doesn't take a lot of time to have a key (automatically) noticed. So if the API key or password is important, your first step should be to change your password or disable the key.
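To check your own repository for this, here is an added example (not part of the original answer) that rebuilds the situation from the question in a throwaway repo and audits its history. The key value and the function names are made up for the demonstration.

```shell
#!/bin/sh
# Constructed demo: a fake key is committed, then "hidden" by a second commit.
FAKE_KEY="EXAMPLE-KEY-0000-not-a-real-secret"   # constructed placeholder value

# Build a throwaway repository reproducing the situation in the question.
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q
    g() { git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid "$@"; }
    printf 'api_key = "%s"\n' "$FAKE_KEY" > "$repo/config.py"
    g add config.py && g commit -q -m "add config"
    printf 'api_key = os.environ["API_KEY"]\n' > "$repo/config.py"
    g add config.py && g commit -q -m "hide api key"
    echo "$repo"
}

# Is the string present in the latest commit (HEAD)?
in_head() { git -C "$1" grep -q -F -e "$2" HEAD; }

# List commits (on any ref) whose diff adds or removes the string.
commits_touching() { git -C "$1" log --all --format=%h:%s -S"$2"; }

# Count commits (on any ref) whose tree still contains the string.
commits_containing() {
    count=0
    for c in $(git -C "$1" rev-list --all); do
        if git -C "$1" grep -q -F -e "$2" "$c"; then count=$((count + 1)); fi
    done
    echo "$count"
}

# Demo run: the key is gone from HEAD but still stored in history.
repo=$(make_demo_repo)
if in_head "$repo" "$FAKE_KEY"; then
    echo "key is in HEAD"
else
    echo "key is absent from HEAD"
fi
echo "commits whose diff adds or removes the key:"
commits_touching "$repo" "$FAKE_KEY"
echo "commits whose tree still contains the key: $(commits_containing "$repo" "$FAKE_KEY")"
```

After rewriting history with the procedure from the GitHub page, `commits_containing` should report 0 for the real repository; the key still has to be revoked, since copies cloned earlier keep the old commits.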