portfolio-website/SECURITY_CLEANUP.md

1.1 KiB

Security Cleanup - April 9, 2026

What happened

Sensitive data (code exports containing potential tokens) was accidentally committed to git history in commit 2807a55.

Actions taken

  1. Removed sensitive files from tracking (code_export.txt, code_export.ps1.test.txt)
  2. Added proper .gitignore to prevent future leaks
  3. Used git-filter-repo to completely remove files from entire git history
  4. Prepared for force-push to rewrite remote history

Next steps (MANUAL)

  1. CRITICAL: Revoke the exposed Gitea token immediately in Gitea settings
  2. Generate a new Gitea token
  3. Update any services using the old token
  4. Execute: git push --force origin master to rewrite remote history
  5. Notify any collaborators to re-clone the repository

Prevention

  • .gitignore now blocks code_export.txt and similar files
  • export_code.ps1 already has exclusions for sensitive patterns
  • Always review git status before committing

Verification

After force-push, verify that sensitive files are not in history:

git log --all --full-history -- code_export.txt
# Should return nothing