i.e. the git scanner still finds the secret, while at the same time trying to checkout the specific commit results in an error:

```
git checkout <commit-sha-where-the-sensitive-data-was-added>
error: pathspec '<commit-sha-where-the-sensitive-data-was-added>' did not match any file(s) known to git
```
I ran `trufflehog` against my GitHub Org. I discovered some secrets. I then followed the steps below to clean up my history:

1. Installed `bfg` repo cleaner and `trufflehog`
2. Performed `git clone --bare git@github.com:MyOrg/MyRepo.git`
3. Created a file named `sensitive.txt` with one line, containing a password that had been leaked into GitHub.
4. Executed `bfg --replace-text sensitive.txt`
5. Run `git reflog expire --expire=now --all && git gc --prune=now --aggressive` from within the bare repo's folder
6. Run `git push --force --all`

Now comes the interesting part.
The secret is still available in GitHub when I visit
This is more or less expected since github states that:
So running
still finds that commit and the secret.
What I don't understand is why
i.e. the `git` scanner still finds the secret, while at the same time trying to checkout the specific commit results in an error
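
The local-versus-remote split described in the post, reproduced as an added example (not code from the original post or from the trufflehog or BFG projects): after the rewrite, `gc` and force-push steps, the old commit object is gone from the rewritten clone but is still stored, unreferenced, in the repository that received the push. Assumptions: a local bare repository stands in for the remote (a hosting service's own retention is not modelled), git plumbing stands in for `bfg --replace-text`, and the file name, secret value and helper names are constructed.

```shell
#!/usr/bin/env bash
# Constructed demo: every repository lives in a temp dir; no real remote is touched.
set -eu
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
export GIT_CONFIG_GLOBAL=/dev/null GIT_CONFIG_NOSYSTEM=1

# has_commit <repo> <sha>: succeeds only if that commit object is stored in <repo>.
has_commit() {
  git -C "$1" cat-file -e "$2^{commit}" 2>/dev/null
}

# mk_commit <bare-repo> <content>: hypothetical helper. Writes a root commit that
# holds config.txt and points main at it (plumbing stand-in for the bfg rewrite).
mk_commit() {
  local blob tree commit
  blob=$(printf '%s\n' "$2" | git -C "$1" hash-object -w --stdin)
  tree=$(printf '100644 blob %s\tconfig.txt\n' "$blob" | git -C "$1" mktree)
  commit=$(git -C "$1" commit-tree "$tree" -m 'add config')
  git -C "$1" update-ref refs/heads/main "$commit"
  echo "$commit"
}

run_demo() {
  local tmp old local_state remote_state
  tmp=$(mktemp -d)
  git init -q --bare "$tmp/remote.git"
  git -C "$tmp/remote.git" symbolic-ref HEAD refs/heads/main
  old=$(mk_commit "$tmp/remote.git" 'password=CONSTRUCTED-SAMPLE')  # "leaked" commit
  git clone -q --bare "$tmp/remote.git" "$tmp/clone.git"
  mk_commit "$tmp/clone.git" 'password=***REMOVED***' >/dev/null     # rewritten history
  # Same cleanup and push commands as in the post, run against the bare clone.
  git -C "$tmp/clone.git" reflog expire --expire=now --all
  git -C "$tmp/clone.git" gc -q --prune=now --aggressive
  git -C "$tmp/clone.git" push -q --force --all origin
  local_state=gone; remote_state=gone
  if has_commit "$tmp/clone.git" "$old"; then local_state=present; fi
  if has_commit "$tmp/remote.git" "$old"; then remote_state=present; fi
  rm -rf "$tmp"
  echo "local=$local_state remote=$remote_state"
}

run_demo   # prints: local=gone remote=present
```

`has_commit` is the check to run on each side after a history rewrite: a scanner pointed at a repository that still stores the object can read the secret even though no branch references it.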