Today I Learned

What to do when you commit a secret in git

It depends.

If you made a commit just now

Remove the commit using BFG or filter-branch

If you have pushed the commit to a repository

CHANGE THE SECRET!

Any secret that gets pushed to a remote repository should be treated as compromised, because you cannot be 100% sure it hasn't been pulled by somebody else (GitHub docs).

You should still clean up your commit using the methods above to prevent confusion among other devs if they stumble upon the secret in the codebase (even if it's already been changed, they might not know about it).

It’s better to prevent

git-secrets prevents you from committing secrets: https://github.com/awslabs/git-secrets
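To show the kind of check such a tool runs before a commit is created, here is an added example (not code from git-secrets or from the original post) that scans the added lines of a staged diff for secret-shaped strings. The function names, the three patterns and the sample diff are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-commit style secret check over a unified diff.
# Patterns are illustrative assumptions, not git-secrets' own rule set:
# an AWS access key ID shape, a PEM private key header, and a
# "password/secret/token/api_key = value" assignment.
SECRET_PATTERNS='AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|(password|secret|token|api_key)[[:space:]]*[:=][[:space:]]*[^[:space:]]{8,}'

# Reads a unified diff on stdin. Only added lines ("+...") are checked,
# so removing an old secret does not block the commit.
# Reports the file name on stderr (never the matched value, to keep it
# out of terminals and CI logs) and returns 1 if anything matched.
scan_diff() {
    found=0
    file=""
    while IFS= read -r line; do
        case "$line" in
            '+++ '*)                      # file header: remember the path
                file=${line#+++ }
                file=${file#b/} ;;
            '+'*)                         # added line: test its content
                if printf '%s\n' "${line#+}" | grep -Eiq -e "$SECRET_PATTERNS"; then
                    printf 'possible secret in %s\n' "$file" >&2
                    found=1
                fi ;;
        esac
    done
    return "$found"
}

# Constructed sample diff: one harmless line, one removed credential,
# one added line holding a made-up key in the AWS access key ID shape.
demo_diff() {
    printf '%s\n' \
        '+++ b/config.env' \
        '+LOG_LEVEL=debug' \
        '-password = "oldoldoldold"' \
        '+AWS_KEY=AKIAABCDEFGHIJKLMNOP'
}

# Hook usage (in .git/hooks/pre-commit, after sourcing this file):
#   git diff --cached -U0 | scan_diff || exit 1
```

A hook like this only guards the machine it is installed on, so a secret that has already been pushed still has to be changed.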


GitHub docs