Git
Removing a Leaked SSH Key from Git History with BFG Repo-Cleaner
How to surgically remove an accidentally committed SSH private key from a Git repository's history using BFG Repo-Cleaner — the fast, focused alternative to git filter-branch
It happens to almost everyone, eventually.
You stage your changes, type git commit -am "wip", push — and a few minutes later realize that id_rsa (or .env, or credentials.json) was sitting in the working directory the whole time. The file is now in the remote, in every clone, in every CI cache, and worst of all: in the git history, where a simple git rm won’t touch it.
This post walks through fixing exactly that scenario with BFG Repo-Cleaner — a tool purpose-built for ripping unwanted blobs out of git history.
Stop Committing Secrets: A Practical Guide to Pre-Commit Secret Detection
How to combine Gitleaks as a fast pre-commit hook with TruffleHog in CI/CD for verified secret scanning, plus strategies for handling false positives
You’ve done it. Or someone on your team has. A .env file slips into a commit, an AWS key ends up in a config file, a GitLab token gets hardcoded in a script “just for testing”. A few minutes later it’s in your git history — forever.
This post covers the current best practice for catching secrets before they ever touch your repository, without drowning your team in false positives.