by ben509
2298 days ago
I think you're miseducating your customers. If creds leak, rotate those creds. Then, you check your logs to make sure there was no intrusion. "Rotate the creds" gives the absolute best guarantee that they're useless. Three words I can explain to a nervous manager. "What if someone got ahold of those creds?" "Well, boss, here's the window in which it could have happened, and let's go over these logs together to see if it did." Scrubbing the repo? I'm skeptical that you're getting rid of anything without push --force, and you sure as heck aren't running `git gc --prune` on the remote system, let alone `bfg`.