At first: This is (hopefully) no duplicate of this or this.
The current status: I committed a file with credentials for an internal database to my Git repository. This was fine, as I used it only alone. Then my group started to clone, push and pull around in this project. We now have several Git repositories (one central and some developers).
The problem: We now want to give public access to the source code, and to the Git repository or at least let Git manage the details of others contributing to the code.
The question: What would be a good strategy to
a) remove the file with the credentials from the central or from all repositories, or
b) set up a new Git repository as kind of 'interface' to the outer world?
If choosing (b), how could we easily communicate changes back to the main repository?
Due to the already widespread distribution, we'd really like to not do a git rebase
or a git filter-branch
on each and every current repository.
To update your credentials, go to Control Panel -> Credential Manager -> Generic Credentials. Find the credentials related to your git account and edit them to use the updated passwords as per the image below: I hope this helps with your Git issues.
The default path for the git credential store is $HOME/. git-credentials (or $XDG_CONFIG_HOME/git/credentials, if the previous location doesn't exist).
Open Keychain Access on your mac (you can use spotlight) Search for github.com. Select the github.com keychain item. Edit or delete your GitHub account credentials.
Sorry, but you're stuck with running git filter-branch
if you want to delete the credentials from the main repository. See Removing sensitive data, written by the folks at GitHub.
Due to git's design, there's no way to force existing clones to delete the file from their respective histories.
You could sanitize a single branch and make it the basis for future development:
$ git checkout -b old-master master
$ git filter-branch ... master
Now you'd need to push the sanitized master to a new repo that contains only the clean master:
$ git push new-central master
Existing repos can add the new remote and git cherry-pick
changes from their old branches over to the new clean master if necessary.
For the new repository, put some sort of barrier in place to prevent someone pushing sensitive data to it so you don't have the same problem all over again. This barrier might be a human being who controls the new central repository and reviews all patches to decide what goes in.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With