如何正确删除推送到 Git 存储库的敏感数据?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/29741476/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I properly remove sensitive data pushed to a Git repo?
提问by NRKirby
I pushed a file containing a password to my repo by mistake - FYI the repo is just a small personal project.
我错误地将一个包含密码的文件推送到我的仓库 - 仅供参考,该仓库只是一个小型个人项目。
Once I realised the password was present I added the file to .gitignoreand executed git rm -r --cached <filename>, committed and pushed to the repo.
一旦我意识到密码存在,我将文件添加到.gitignore并执行git rm -r --cached <filename>、提交并推送到存储库。
I now realise the password is still present in the history - what is the best way to remove it?
我现在意识到密码仍然存在于历史记录中 -删除它的最佳方法是什么?
I read the Remove sensitive datapage on Github which suggests changing the password - which I have done - but I would like to remove the history as well.
我阅读了Github 上的删除敏感数据页面,该页面建议更改密码 - 我已经完成了 - 但我也想删除历史记录。
回答by Tim Biegeleisen
Since you have already made 5 commits since the commit containing the clear text password, you best bet is to do a git rebase -iin interactive mode on your local branch. Find the SHA-1 of the commit where you added the clear text password, and type the following:
由于自包含明文密码的提交以来您已经进行了 5 次提交,因此最好的办法是git rebase -i在本地分支上以交互模式进行。找到您添加明文密码的提交的 SHA-1,然后键入以下内容:
git rebase --interactive dba507c^
where dba507care the first 7 characters of the SHA-1 for the bad commit.
dba507c错误提交的 SHA-1 的前 7 个字符在哪里。
Change this:
改变这个:
pick dba507c comment for commit containing clear text password
To this:
对此:
edit dba507c I have removed the clear text password
Make the change to the password file to remove the clear text, then commit your result like this:
更改密码文件以删除明文,然后像这样提交结果:
git commit --all --amend --no-edit
git rebase --continue
Finish the rebase, then push your (correct) local branch to the remote via:
完成 rebase,然后通过以下方式将(正确的)本地分支推送到远程:
git push -f origin your_branch
You will need to force push your_branchbecause you have rewritten history (by modifying the password file). Now you have all your latest commits, but you have removed the clear text.
您将需要强制推送,your_branch因为您已经重写了历史记录(通过修改密码文件)。现在你有了所有最新的提交,但你已经删除了明文。
回答by hek2mgl
If it was the previous commmit, then remove the password from the file and run
如果是之前的提交,则从文件中删除密码并运行
git add file_with_pwd
git commit --amend
git push -f origin master
Note: Once you posted that here on Stackoverflow, many guys may have already cloned the repo (you have the same username on github and just one repository). Change the password!
注意:一旦你在 Stackoverflow 上发布了它,很多人可能已经克隆了这个 repo(你在 github 上有相同的用户名,只有一个存储库)。改密码!
