Making a Git project open source when you have secret keys
https://stackoverflow.com/questions/4101568
-
29-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a project on GitHub behind a private repository. I want to make the repo public. However, my project uses secret keys.
How can I make the project public while still protecting the "history" of those secret keys? I'm guessing I'm SOL, and should simply invalidate the keys to prevent their use.
Note that this is not the same question as How to open-source an application that uses API keys
or
How to handle 'open-sourcing' your application, when it uses a personal API key?
As my project is already on Git, the entire source history can be easily viewed. What I suppose I could do is branch off a separate project with the API keys hidden, and make that repo public. But then users would miss out on the entire branching history, which they may be curious about (I know I would).
Solution
You could remove the secret keys from the repository using a hammer like git filter-branch. There is a nice explanation on GitHub's help pages.
OTHER TIPS
I used a new .gitignore which already excluded all the private stuff/secret keys and copied everything into a fresh repository. If I ever need access again to the old git history, I have left a copy of it.
