I know that pushing a commit with an API key is something for which a developer should have his balls cut off, but…
…I’m wondering what I should do if, somehow, I accidentally commit an API key or other sensitive information, an environment variable to the repo.
Should I just revoke the access and leave it as is, or maybe locally remove this commit and force-push a new one without the key? How do you guys handle this situation in a professional environment?
Revoke, invalidate, rotate, blacklist, do whatever to make the key/information not usable for that system anymore. It’s an “exploit” (but more a defining feature of git) to record everything because each link is dependent on the last thing and even old branches can be brought back and searched through.