从 Heroku Git Repo 中删除密钥

Removing Secret Key from Heroku Git Repo

我在 Heroku 的帮助下完成了一个项目。我使用环境变量等正确设置了密钥,没有提交包含任何密钥等的本地设置。

然后,查看哪些实际文件已被推送到 Heroku 中的 git 存储库,我发现了一个 'old_settings' 文件,纯粹由于疏忽而被遗漏了。该文件包含密钥。

我清理了文件并将更改推送到 repo (git push heroku master)。然后我删除了最后一个答案之后的所有过去提交:

removing commit history in git

这样可以吗?阅读 Mipadis 答案似乎是这样的:

Pushing secret keys to heroku, safe?

这应该是一个问题,还是认为问题已解决?

感谢任何反馈,如果我的英语有任何混淆,我很乐意澄清。

编辑

以与 Django 相同的方式生成新密钥,并更新 Heroku 环境变量

heroku config:set secret_key=NEWKEY.

问题仍然存在:这就足够了吗?

GitHub states:

Warning: Once you have pushed a commit to GitHub, you should consider any data it contains to be compromised. If you committed a password, change it! If you committed a key, generate a new one.

This article tells you how to make commits with sensitive data unreachable from any branches or tags in your GitHub repository. However, it's important to note that those commits may still be accessible in any clones or forks of your repository, directly via their SHA-1 hashes in cached views on GitHub, and through any pull requests that reference them. You can't do anything about existing clones or forks of your repository, but you can permanently remove cached views and references to the sensitive data in pull requests on GitHub by contacting GitHub Support or GitHub Premium Support.

最好生成一个新的密钥以确保安全。