Reputation: 724
Git security - private information in previous commits
I'm working on a project mainly for a bit of fun.
I set up a twitter account and wrote a python script to write tweets.
Initially i hard-coded the twitter credentials for my app into my script (tweet.py)
Now i want to share the project so i have removed my app's credentials from tweet.py and added them to a config file. I have added the config file to .gitignore.
My question is, if someone forks my project, can they somehow checkout an old version of tweet.py which has the credentials? If so, what steps can i take to cover myself in this case?
Upvotes: 0
Views: 94
Answers (2)
Reputation: 114
Yes, anyone can see the old files in version history in git-hub free version. If you want to make your project secure, you have to pay for private repository in github.
If you dont wana pay, follow what @Stijin suggested.
Upvotes: 1
Reputation: 588
They can checkout an older version and check your credentials.
Two options I can immediately think of:
Less optimal: Change your credentials
There is also an entire page about this on github: Remove sensitive data
Upvotes: 2
Related Questions
- Removing private information from old Git commits
- Hide password in all previous commits on Github repo
- How to make source open when git history includes private information?
- GitHub public repo with sensitive information?
- Private and public Git repositories with sensitive data
- Removing sensitive info from all Git commits
- Private data in git-controlled sources
- Is there any personal information in the .git directory
- Hide sensitive information from git changes
- Protecting sensitive information in Git