Add security cleanup documentation
Deploy to Production / deploy (push) Successful in 10s
Details
Deploy to Production / deploy (push) Successful in 10s
Details
This commit is contained in:
parent
bce5d5720e
commit
aa40b0803d
|
|
@ -0,0 +1,29 @@
|
||||||
|
# Security Cleanup - April 9, 2026
|
||||||
|
|
||||||
|
## What happened
|
||||||
|
Sensitive data (code exports containing potential tokens) was accidentally committed to git history in commit 2807a55.
|
||||||
|
|
||||||
|
## Actions taken
|
||||||
|
1. ✅ Removed sensitive files from tracking (code_export.txt, code_export.ps1.test.txt)
|
||||||
|
2. ✅ Added proper .gitignore to prevent future leaks
|
||||||
|
3. ✅ Used git-filter-repo to completely remove files from entire git history
|
||||||
|
4. ✅ Prepared for force-push to rewrite remote history
|
||||||
|
|
||||||
|
## Next steps (MANUAL)
|
||||||
|
1. **CRITICAL**: Revoke the exposed Gitea token immediately in Gitea settings
|
||||||
|
2. Generate a new Gitea token
|
||||||
|
3. Update any services using the old token
|
||||||
|
4. Execute: `git push --force origin master` to rewrite remote history
|
||||||
|
5. Notify any collaborators to re-clone the repository
|
||||||
|
|
||||||
|
## Prevention
|
||||||
|
- .gitignore now blocks code_export.txt and similar files
|
||||||
|
- export_code.ps1 already has exclusions for sensitive patterns
|
||||||
|
- Always review git status before committing
|
||||||
|
|
||||||
|
## Verification
|
||||||
|
After force-push, verify that sensitive files are not in history:
|
||||||
|
```bash
|
||||||
|
git log --all --full-history -- code_export.txt
|
||||||
|
# Should return nothing
|
||||||
|
```
|
||||||
Loading…
Reference in New Issue