An Interest In:
Web News this Week
- April 26, 2024
- April 25, 2024
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
How to prevent a public repo disaster!!
Let's say that you have finished a project you have been working for a long time and wish to make it public on GitHub.
After you make it public on GitHub then you realize you got a bunch of API keys, secret files, and a lot of files which should have been in the .gitignore
file
We all have been there once or going to be
So if you are that unfortunate guy there is a way to remove all signs of your leaked info in this example we can assume that our API key is in a file called .env
which is a file used to store environment variables
Step 1 : clone the repo into a temporary folder
mkdir repo_cleanup # makes a folder called repo_cleanupcd repo_cleanup # changing directory to repo_cleanupgit clone https://github.com/YOUR-USERNAME/YOUR-REPOSITORY . # clones the repo from which you want to remove the .env file
Step 2 :
git filter-branch --force --index-filter \"git rm --cached --ignore-unmatch .env" \--prune-empty --tag-name-filter cat -- --all
Introduce filter-branch magic that removes the naughty information (.env in our case)
Step 3 :
Add .env
to your .gitignore
file
Step 4 :
git add .gitgnoregit commit -m "Added .env to gitignore"
commit the .gitignore
file
Step 4 :
Commit the changes with --force
to remove the file from the history because if we don't do someone will be able to view the .env file in the repo's history
git push origin --force --allgit push origin --force --tags
Step 5 :
Why is removing API Key from public key is important
I would recommend that you read this https://nakedsecurity.sophos.com/2019/03/25/thousands-of-coders-are-leaving-their-crown-jewels-exposed-on-github/
Basically it is for safety purposes because if hackers got your key they could spam your key and drive your costs up which you definitely don't want!
Bye and have a good day!
Original Link: https://dev.to/aadityasivas/how-to-prevent-a-public-repo-disaster-3ge7
Dev To
An online community for sharing and discovering great ideas, having debates, and making friendsMore About this Source Visit Dev To