Skip to content

Commit

Permalink
config credentials
Browse files Browse the repository at this point in the history
  • Loading branch information
@bushblade
bushblade committed Jan 31, 2020
1 parent eb40803 commit 5d04a86
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 7 deletions.
3 changes: 2 additions & 1 deletion .gitignore
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
node_modules/
config/production.json
config/production.json
config/default.json
6 changes: 0 additions & 6 deletions config/default.json
View file

This file was deleted.

10 comments on commit 5d04a86

@RITIKHARIANI
Copy link

@RITIKHARIANI RITIKHARIANI commented on 5d04a86 Jun 12, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did you remove the secret key from showing?
I ran this : git rm --cached config/default.json and also added it to .gitignore
But still the secret info can be seen by viewing the previous commits
How do i fix that?
Please help

@bushblade
Copy link
Collaborator Author

@bushblade bushblade commented on 5d04a86 Jun 12, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The order of commits is important.
add

config/production.json
config/default.json

to your .gitignore file.
Then add that file in git.
git add .gitignore
then commit
git commit -m 'fixing git'
Then

git rm --cached config/production.json
git rm --cached config/default.json

Then you should be ok to push to github.

@RITIKHARIANI
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did it in that order itself
Is it possible because i am the owner of the repository that i can see the previous commits even though i removed the cache?

@RITIKHARIANI
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When i click 'Load diff', I can see what was the content before and it displays my secret key and tokens.
How did you manage to get nothing shown ("" empty string ) in the mongoURI , in this commit?

@bushblade
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh yes if you've committed and pushed those files in the past, they will show in your history.

@bushblade
Copy link
Collaborator Author

@bushblade bushblade commented on 5d04a86 Jun 12, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you go back far enough in the history of this repo, you will see Brad's credentials.
Here for example

@RITIKHARIANI
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So there is nothing else i can do now to hide my credentials?

@RITIKHARIANI
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Making my repo private would be the best solution now, isn't it?

@bushblade
Copy link
Collaborator Author

@bushblade bushblade commented on 5d04a86 Jun 12, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could reset you repository to a commit prior to adding the config files.
Or make your repository private.
Or create a new repository and remove the old one.
Or not worry about it and create a new database that you don't push the config for.

@RITIKHARIANI
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alright, Thank you Will !

Please sign in to comment.