How do I stop committing secrets like API keys to Git, and remove one I already pushed?
intermediate
· 7 views ·
asked 3 days, 11 hours ago
by Tai
0
Context
Personal project on GitHub (public repo). A .env file with a Stripe secret key and a database password was committed and pushed three commits ago. The repo has one other collaborator.
Expected
Secrets should never appear in the repository history, and the exposed keys should be made useless to anyone who saw them.
What Happened
The .env file is visible in the GitHub history. Adding it to .gitignore now hides it from new commits, but the old commits still expose the keys.
Question comments
Short clarifications and small follow-ups about the question itself.
No comments on the question yet.
0 Answers
No answers yet. Be the first to help!