If you have discovered that you have just exposed a sensitive file or secrets to a public git repository, there are some very important steps to follow.

Aadarsh Kannan

Community Picks is a section on daily.dev where our community members share the most interesting and valuable content they've discovered online. From insightful articles to handy tools, every post is a gem curated by our dedicated coomunity. To contribute to Community Picks, you need to have at least 250 reputation points, ensuring that only active and trusted members can share their finds.

Community Picks

This post will go through the four steps needed to remove the risk and make sure it doesn't happen in the future. We are going to use the well-known BFG Repo-Cleaner The BFG is a simpler, faster (10 - 720x faster) alternative to git-filter-branch for cleansing bad data out of your git repository.

GitHub Leak: GitHub secrets best practices

Step 1. Revoke the secret and remove the risk

Step 2. (Optional) Permanently delete all evidence of the leak