[bombcar]

And as a double FYI this means a force push does not permanently delete sensitive data! Beware. Rotate that API key, even if it's a pain in the arse.

[nstj]

This is a lesser understood corollary of my comment :). Thanks for calling it out ;)

[globular-toast]

That goes for any time you send data to a third party or over a channel you don't control. Compromised is compromised. There is no going back.

I hate things like "email recall" in Outlook or deleting messages in Teams etc because it trains normies into thinking you can recover from a compromise.