如何在git提交历史记录中删除敏感数据(API_KEY)? [英] How to remove sensitive data (API_KEY) across git commit history?
问题描述
我完成了一个要求我使用api_key的android项目.我已经在build.gradle文件中添加了api密钥,如下所示:
I finished an android project that requires me to use an api_key. I've added the api key in my build.gradle file like this:
buildTypes.each {
it.buildConfigField "String", "MDB_API_KEY", "\"243248324293938243\""
}
(这是一个随机数btw)
(that's a random number btw)
现在我完成了项目,我需要将其上传到Github,以进行代码审查.在这样做之前,我被要求删除api密钥,然后我做了
Now that I finished the project I need to upload it to Github, for code review. Before doing so, I was asked to remove the api key, and I did
buildTypes.each {
it.buildConfigField "String", "MDB_API_KEY", *putYaOwnApiKeyBrothar*
}
并承诺.
但是,如果我将所有内容推送到Github,他们可以访问任何较早的提交,并检索我的api_key.
But if I push everything to Github, they could access any older commit, and retrieve my api_key.
我也看到了类似的问题,解决方案似乎是git filter-branch,但似乎它在整个提交历史记录中删除了一个特定的文件.我只想删除键(或该行),因为我希望* putYaOwnApiKeyBrothar *代码在我的所有提交中都可用.(以防他们必须检查较旧的).
I've seen similar questions, and the solution seems to be git filter-branch, but it seems that it removes a specific file across the commit history. I want to remove just the key (or that line, for that matter), since I want the *putYaOwnApiKeyBrothar* code available in all my commits. (In case they have to check an older one).
那有可能吗?有没有简单的方法?如果没有,我该怎么办?我在蠢吗?
Is that even possible? Is there a simple way? If not, what should I do? Am I being dumb?
推荐答案
git filter-branch 是的路.它具有各种过滤器,您可以从历史记录中删除文件,但也可以根据需要修改文件.在您的情况下,您想将-tree-filter 选项与用于替换文件中String的命令一起使用.类似于 git filter-branch --tree-filter"sed -i's/243248324293938243/putYaOwnApiKeyBrothar/'your/file/here" --tag-name-filter cat --all
git filter-branch is the way to go. It has various filters and you can remove files from the history, but you can also modify the files as you like. In your case you want to use the --tree-filter option with a command that replaces the String in your file. Something like git filter-branch --tree-filter "sed -i 's/243248324293938243/putYaOwnApiKeyBrothar/' your/file/here" --tag-name-filter cat --all
(如果您使用的是macOS(或任何* BSD),请在sed -i之后添加'')
(if you are on macOS (or any *BSD) add '' after sed -i)
这篇关于如何在git提交历史记录中删除敏感数据(API_KEY)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
