Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Git: Remove credentials from repository

At first: This is (hopefully) no duplicate of this or this.

The current status: I committed a file with credentials for an internal database to my Git repository. This was fine, as I used it only alone. Then my group started to clone, push and pull around in this project. We now have several Git repositories (one central and some developers).

The problem: We now want to give public access to the source code, and to the Git repository or at least let Git manage the details of others contributing to the code.

The question: What would be a good strategy to

a) remove the file with the credentials from the central or from all repositories, or

b) set up a new Git repository as kind of 'interface' to the outer world?

If choosing (b), how could we easily communicate changes back to the main repository?

Due to the already widespread distribution, we'd really like to not do a git rebase or a git filter-branch on each and every current repository.

like image 711
Boldewyn Avatar asked Feb 01 '10 10:02

Boldewyn


People also ask

How do I change my Git credentials?

To update your credentials, go to Control Panel -> Credential Manager -> Generic Credentials. Find the credentials related to your git account and edit them to use the updated passwords as per the image below: I hope this helps with your Git issues.

Where are Git credentials stored?

The default path for the git credential store is $HOME/. git-credentials (or $XDG_CONFIG_HOME/git/credentials, if the previous location doesn't exist).

How do I clear my Git credentials on Mac?

Open Keychain Access on your mac (you can use spotlight) Search for github.com. Select the github.com keychain item. Edit or delete your GitHub account credentials.


1 Answers

Sorry, but you're stuck with running git filter-branch if you want to delete the credentials from the main repository. See Removing sensitive data, written by the folks at GitHub.

Due to git's design, there's no way to force existing clones to delete the file from their respective histories.

You could sanitize a single branch and make it the basis for future development:

$ git checkout -b old-master master
$ git filter-branch ... master

Now you'd need to push the sanitized master to a new repo that contains only the clean master:

$ git push new-central master

Existing repos can add the new remote and git cherry-pick changes from their old branches over to the new clean master if necessary.

For the new repository, put some sort of barrier in place to prevent someone pushing sensitive data to it so you don't have the same problem all over again. This barrier might be a human being who controls the new central repository and reviews all patches to decide what goes in.

like image 135
Greg Bacon Avatar answered Oct 13 '22 10:10

Greg Bacon