So, you've committed a secret, what next?

Over 10M of them are committed every year.

Secrets are something we often have to deal with as software developers, but unfortunately a huge number of them still make their way into our codebases as hardcoded secrets.

Resolving and preventing hardcoded secrets is possible, but can sometimes feel a little obscure. Fortunately, this video shows how you can resolve them.

Comments

We recently had an email service token leak, which resulted in 1.2 mil scam emails being sent from the company noreply mail, so this is very important advice!

focksen

Just always use commit in combination with push -f to annoy your comrades

sprez

Tbh if I find a leak with this tool I'm just gonna rotate the secret rather than mess around with git

dandogamer

8:12 force pushing to a remote is fine if you own the branch. Don't force push shared branches like main. Do force push branches that only you have committed to, it's a very good way to clean up and reorganize a branch pre-merge.

If you feel uncomfortable knowing when it's ok to force push and when it's not, study and practice git, it's worth it.

orterves

3:00 This is MUUUCH easier with lazygit, you just go to the leaking commit, press enter, find the file, press enter again, select the line of the secret, press ctrl+p to open custom patch options menu and then press d or select Remove patch from original commit and you're done

coffee-is-power

Your spinning warning symbol graphic at 8:07 seems to rotate around an axis aligned with its face rather than its midpoint, and has a weird smear on the frame it's parallel to camera.

vtacos

Thanks for featuring my tool! Great video!

zacharyrice

I'd go with `git commit --amend` if you really just need to fixup the last commit. No need to temporarily undo it completely with `git reset --soft HEAD~1`.

Also, one should use the "dotenvy" crate for Rust; "dotenv" is no longer maintained.

Possseidon

Thanks for thoroughly explaining how to resolve these issues as I bet this guidance will help give people the solutions they need to get these issues approved to fix.

elizabethharasymiw

This was really informative. Thank you. I just recently gave an interview and I was presented with this EXACT question.

shubhamarya

Please make a video going deeper into this, gitleaks, thanks in advance

AlvaroOByrne

I liked your video. Thanks a lot for doing them. What about the git filter-repo and other tools that might edit only the needed parts of the commits history?

nickgramru

A note on `gitleaks`! Please think about how the tool does detection and react accordingly. Do not blindly run the tool on code you do not personally have distribute rights to. Definitely perform a full audit of the tool when running against mission critical code.

codeman-dev

this is more of a git tutorial on interactive rebasing for me, extremely educational stuff

rumble_bird

Well Done Tris. I am still not used to seeing your mug in these videos. Clearly articulated, demonstrated, and now to get lazy devs to follow suit....

roganl

I'd love to see videos in the future which go deeper into especially those things said in the last minute (Pre commits generally, other secret solutions and generally secret managers) ❤

trueberryless

Step 1 after encountering a leak should be to invalidate the credentials.

FlorianWendelborn

would have been nice if I had this information about 2 months ago :) thanks for pushing this out though!

yjefecustom

How do you feel about the “git commit --fixup”/“git rebase --autosquash --interactive” combo?

thomasrichards

Superb content as always. I am waiting for a full microservices course from you. 😁

bijayaprasadkuikel