I know that pushing a commit with an API key is something for which a developer should have his balls cut off, but…

…I’m wondering what I should do if, somehow, I accidentally commit an API key or other sensitive information, an environment variable to the repo.

Should I just revoke the access and leave it as is, or maybe locally remove this commit and force-push a new one without the key? How do you guys handle this situation in a professional environment?

  • RonSijm@programming.dev
    link
    fedilink
    arrow-up
    6
    ·
    4 months ago

    If it’s a public repo, revoke the key (on your own/company repo it might not matter so much)

    Then

    • git reset head~1
    • remove api key
    • git push - f