Is a deleted branch on GitHub guaranteed to not leak data? #70144
-
Say I have accidentally pushed secrets to my private repo, on I do know that I should change my secrets, but what I'm wondering is, are there any risks to making this repo public later, when in the branch/commits view on GitHub there is seemingly no leaked secret.
Replies: 5 comments 2 replies
-
I'm not certain on what happens to the data when you delete a branch, but sensitive data is purgeable with a force push. Check the documentation.
-
I think there is a chance of a data leak because your operations are stored in the .git file, from which any person can learn all of your commit information if your repository is public.
-
I don't think that there's any guarantee that GitHub will delete an inaccessible commit. For example, here are some fake commits I made to simulate pushing a commit with secrets, then removing it from the history. The steps I took were:
Despite the fact that the bad commit was overwritten with a force-push (and the branch was deleted just in case), spenserblack/test-repo@ef50762 still links to a valid page, not a 404. At least at the time I'm writing this; it might change later. I think GitHub occasionally garbage-collects some inaccessible refs. So, even if the chances are small that someone will discover the commit, it's not a 0% chance as long as that commit continues to exist in the remote. You probably would want to try and see if someone on GitHub's team can delete the inaccessible commit to be safer, and get more advice from them on steps that you can take to mitigate risk.
This comment was marked as off-topic.
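An added example, not part of any reply in this thread: a throwaway local repository showing the behaviour discussed above, where a commit survives as an unreachable object after its branch is deleted, until the reflog is expired and garbage collection prunes it. The branch name `leaky`, the file and the fake key are constructed for the demo, and it shows local Git only, not GitHub's server-side retention.

```shell
#!/bin/sh
# Added example: constructed throwaway repo; the "secret" is a fake placeholder.

# Print "present" if the commit object is still in the object store, else "absent".
object_state() {  # $1 = repo dir, $2 = commit SHA
  if git -C "$1" cat-file -e "$2^{commit}" 2>/dev/null; then
    echo present
  else
    echo absent
  fi
}

# Print how many refs (branches, tags, remotes) can still reach the commit.
reachable_ref_count() {  # $1 = repo dir, $2 = commit SHA
  git -C "$1" for-each-ref --contains "$2" | wc -l | tr -d ' '
}

# Commit a fake secret on a branch, delete the branch, then purge locally.
# Prints "<refs>/<state after delete> <state after gc>".
simulate_deleted_branch() {
  repo=$(mktemp -d)
  git -C "$repo" init -q
  git -C "$repo" config user.email "demo@example.invalid"
  git -C "$repo" config user.name "demo"
  git -C "$repo" config commit.gpgsign false
  git -C "$repo" commit -q --allow-empty -m "initial"
  base=$(git -C "$repo" symbolic-ref --short HEAD)

  git -C "$repo" checkout -q -b leaky
  echo "API_KEY=FAKE-PLACEHOLDER" > "$repo/.env"
  git -C "$repo" add .env
  git -C "$repo" commit -q -m "oops: secret committed"
  sha=$(git -C "$repo" rev-parse HEAD)

  # "Clean up" the way the question describes: the branch disappears from view.
  git -C "$repo" checkout -q "$base"
  git -C "$repo" branch -q -D leaky
  after_delete="$(reachable_ref_count "$repo" "$sha")/$(object_state "$repo" "$sha")"

  # Only after reflog expiry plus an immediate prune is the object really gone.
  git -C "$repo" reflog expire --expire=now --all
  git -C "$repo" gc -q --prune=now
  after_gc=$(object_state "$repo" "$sha")

  rm -rf "$repo"
  echo "$after_delete $after_gc"
}
```

Calling `simulate_deleted_branch` reports zero refs but a present object right after the branch deletion, and an absent object only after the explicit expire and prune.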
-
Since there's a low quality off-topic answer marked as the answer, and as I've replied to another misleading answer, I think it's probably worth providing another top-level answer:
Hi @Utsuhoagie
Deleting a branch on GitHub does not guarantee that the data is completely gone and won't be accessible. While the branch itself may not be visible in the branch/commits view, the data may still be present in the Git history until it gets garbage collected. Here are your answers.
Git retains a history of all commits, including those in deleted branches. Until Git runs its garbage collection process, which may take some time, the commit history with the leaked secrets may still exist in the repository.
GitHub may also retain data for a certain period, even after a branch is deleted. This is part of their data redundancy and backup mechanisms.
If you make the repository publ…