Unable to Push to GitHub Due to Secret Scanning #140034
Replies: 2 comments
-
Hi @anna-rosew! The best place to go for answers to account-specific questions like this one is opening a ticket on our Support page. Please open a ticket with them :) |
Beta Was this translation helpful? Give feedback.
-
🕒 Discussion Activity Reminder 🕒 This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions: 1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as 2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own. 3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution. Note: This dormant notification will only apply to Discussions with the Thank you for helping bring this Discussion to a resolution! 💬 |
Beta Was this translation helpful? Give feedback.
-
Code Security
Bug
Body
I am trying to push a large set of changes to a new GitHub repository, but my pushes are being rejected due to GitHub's Push Protection detecting secrets in previous commits. The push fails with the following error: `remote: error: GH013: Repository rule violations found for refs/heads/main.
Troubleshooting Methods Tried (All Failed)
Initial Push Attempt
Tried pushing the repository normally after removing the sensitive file.
Result: GitHub Push Protection blocked the push due to the presence of API keys in the Git history.
Increased Buffer Size
Increased the http.postBuffer size using:
git config --global http.postBuffer 524288000
Result: The push still failed due to detected secrets.
Forced Push to New Repository
Created a new GitHub repository with the URL: https://github.com/anna-rosew/return-to-the-source.git
Attempted to push the changes using:
git push new-origin main --force
Result: The push failed due to both the size of the repository and the Push Protection error regarding the same API key in the commit history.
Tried Git Interactive Rebase
Used git rebase -i to manually edit old commits containing the sensitive information:
Ran:
git rebase -i HEAD~n
Marked the problematic commits for editing and removed sensitive data using git rm and git commit --amend.
Result: This method did not solve the problem, as the secrets were from older commits not easily accessed via this approach.
Used git filter-repo to Remove Sensitive Data
Installed and used git filter-repo to remove the sensitive file from the history:
git filter-repo --path secrets.env --invert-paths
Result: This seemed to rewrite the history locally, but pushing still failed due to GitHub detecting the same API key.At this point, I have attempted numerous methods to clean the commit history and push the project, but I am blocked by the detection of secrets. I’ve tried filtering the repo, increasing buffer size, and pushing to a new repository, all of which have failed.
Beta Was this translation helpful? Give feedback.
All reactions