如何正确删除推送到Git仓库的敏感数据? [英] How do I properly remove sensitive data pushed to a Git repo?
问题描述
一旦我意识到密码存在,我就添加了一个包含密码的文件将文件保存到 .gitignore
并执行 git rm -r --cached< filename>
,提交并推送到repo。
我现在意识到密码仍然存在于历史记录中 - 删除它的最佳方法是什么?
我阅读了删除敏感数据在Github上建议你修改密码 - 我已经这样做了 - 但我想删除历史记录。 解决方案
既然您自提交包含明文密码后已经提交了5次提交,最好的办法是在本地分支上以交互模式执行 git rebase -i
。找到添加了明文密码的提交的SHA-1,然后输入以下内容:
git rebase --interactive dba507c ^
其中 dba507c
是前7个
改变这一点:
选择包含明文密码的提交的dba507c注释
对此:
编辑dba507c我已经删除了明文密码
对密码文件进行更改以删除明文,然后像这样提交结果:
git commit --all --amend --no-edit
git rebase --continue
git push -f origin your_branch $ b>完成rebase,然后将您的(正确的)本地分支推送到远程: $ b
您需要强制推送 your_branch
becau你是否重写了历史记录(通过修改密码文件)。现在你有所有最新的提交,但你已经删除了明文。
I pushed a file containing a password to my repo by mistake - FYI the repo is just a small personal project.
Once I realised the password was present I added the file to .gitignore
and executed git rm -r --cached <filename>
, committed and pushed to the repo.
I now realise the password is still present in the history - what is the best way to remove it?
I read the Remove sensitive data page on Github which suggests changing the password - which I have done - but I would like to remove the history as well.
Since you have already made 5 commits since the commit containing the clear text password, you best bet is to do a git rebase -i
in interactive mode on your local branch. Find the SHA-1 of the commit where you added the clear text password, and type the following:
git rebase --interactive dba507c^
where dba507c
are the first 7 characters of the SHA-1 for the bad commit.
Change this:
pick dba507c comment for commit containing clear text password
To this:
edit dba507c I have removed the clear text password
Make the change to the password file to remove the clear text, then commit your result like this:
git commit --all --amend --no-edit
git rebase --continue
Finish the rebase, then push your (correct) local branch to the remote via:
git push -f origin your_branch
You will need to force push your_branch
because you have rewritten history (by modifying the password file). Now you have all your latest commits, but you have removed the clear text.
这篇关于如何正确删除推送到Git仓库的敏感数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!