Ahh shhgit! – Find leaked secrets in real time across GitHub, GitLab and BitBucket

Software developers can accidentally leak sensitive information, particularly secret keys for third-party services, across code hosting platforms such as GitHub, GitLab and BitBucket. These secrets, including the data they were protecting, end up in the hands of bad actors, which ultimately leads to significant data breaches.

Imagine being able to monitor the entirety of GitHub, GitLab and BitBucket to find any secrets accidentally committed in real time. Well, we’re in luck. All three platforms provide a public ‘real time firehose’ events API that details various activity streams on the site, including code commits.

Ahh shhgit! will watch this real-time stream and pull out any accidentally committed secrets.

shhgit: find secrets in real time across GitHub, GitLab and BitBucket →
Ahh shhgit! (Introductory Blogpost) →

⚠️ Don’t think you can quickly undo the commit (and force push) to remove your leaked secret. Once it’s out there, it will be abused. See The $2375 Amazon AWS mistake for example.

Squash all Git commits with git squash-all

Freek just shared his workflow to squash all git commits into one single commit — Handy for when you’re pushing a first public release of a project. His process involves removing the .git folder and starting off fresh again with a git init.

Wondering if there are handier/shorter ways to achieve this, I set off on a Google Search and found some answers as detailed in this StackOverflow thread. Let’s go over the techniques mentioned.

~

1. Using Orphan Branches

As per Git Documentation:

The first commit made on an orphan branch will have no parents and it will be the root of a new history totally disconnected from all the other branches and commits.

This can be useful when you want to publish the tree from a commit without exposing its full history. You might want to do this to publish an open source branch of a project whose current tree is “clean”, but whose full history contains proprietary or otherwise encumbered bits of code.

After you’ve created the orphan branch, you swap it out with the “old” master:

# Create a new branch, with no parent commits
git checkout --orphan squashed-master master
git commit -m "🎉 First commit"

# Overwrite the old master branch with the new one
git branch -M squashed-master master

~

2. Using git commit-tree

Creates a new commit object based on the provided tree object and emits the new commit object id on stdout.

The command below will create one commit object using git commit-tree and then reset the HEAD to that commit:

git reset $(git commit-tree HEAD^{tree} -m "🎉 First commit")

~

Alias it!

Since the git commit-tree method is a git one-liner, you can alias it:

git config --global alias.squash-all '!f(){ git reset $(git commit-tree HEAD^{tree} -m "${1:-🎉 First commit}");};f'

From then on you can just run git squash-all in any repo of your liking:

git squash-all

🙂

I’ve also added this alias to ./freshinstall, a tool which I built to automatically configure macOS (Preferences, Dotfiles, Installed Software, etc)

~

Pushing your newly created branch

Since you rewrote history, you’ll need to use --force when pushing your newly created branch.

git push --force origin master
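
An added check (not from the original post or the linked StackOverflow thread) of what the squash does and does not remove, which also ties back to the force-push warning in the shhgit item above. It builds a throwaway repo, commits AWS's documented example key ID in two files, blanks one copy, squashes with the git commit-tree one-liner, and counts key-shaped strings before and after; the repo, file names and the make_repo/count_hits/report helpers are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: AWS's documented example key ID, not a live credential.
FAKE_KEY='AKIAIOSFODNN7EXAMPLE'
KEY_RE='AKIA[0-9A-Z]{16}'   # shape of an AWS access key ID

# Throwaway repo: commit 1 adds the key to two files, commit 2 blanks one of them.
make_repo() {
  repo=$(mktemp -d) && cd "$repo" || return 1
  export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
  export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
  git init -q .
  printf 'aws_key=%s\n' "$FAKE_KEY" > config.ini
  printf 'AWS_ACCESS_KEY_ID=%s\n' "$FAKE_KEY" > deploy.env
  git add . && git commit -q -m 'add config'
  printf 'aws_key=\n' > config.ini
  git commit -q -am 'remove key from config.ini'
}

# Count key-shaped strings on lines added by the commits that "$@" selects.
count_hits() {
  git log -p --format= "$@" | grep -E '^\+' | grep -cE "$KEY_RE" || true
}

# Squash exactly as in the post, then compare what each view of history holds.
report() {
  make_repo || return 1
  before=$(count_hits HEAD)                 # full history of the branch
  git reset -q "$(git commit-tree 'HEAD^{tree}' -m 'First commit')"
  commits=$(git rev-list --count HEAD)      # history is now one commit
  after=$(count_hits HEAD)                  # what the squashed branch contains
  reflog=$(count_hits --reflog)             # everything the local reflog still reaches
  echo "commits=$commits before=$before after=$after reflog=$reflog"
}

( report )   # subshell, so the caller's working directory is left alone
```

A key still present in the current tree survives the squash, and the pre-squash commits stay in the local object store through the reflog. Scan the squashed branch before pushing it, and rotate any key that was ever pushed.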

~


My favourite Git commit

David Thompson on his favorite Git commit: a single character fix, but with one hell of an explanation:

In a different organisation, from a different developer, this entire commit message might have been change whitespace, or fix bug, or (depending on the team’s culture) some less than flattering opinions about the inventor of the non-breaking space. Instead, Dan took the time to craft a really useful commit message for the benefit of those around him. I’d like to step through a few of the ways I think this is a really good example.

My favourite Git commit →

Quickly browse the history of any GitHub file with GitHistory.xyz

  1. Replace github.com with github.githistory.xyz in any file url
  2. There’s no step two

I see a good use case for this in education/demos. Also love how everything flies in and out of the screen. Smooth

GitHistory.xyz →
GitHistory.xyz Source (GitHub) →

gitmoji – An emoji guide for your commit messages

Gitmoji is an initiative to standardize and explain the use of emojis on GitHub commit messages. Using emojis on commit messages provides an easy way of identifying the purpose or intention of a commit with only looking at the emojis used.

Next to the guide there’s also a CLI binary to help you perform commits (in case you don’t want to do it manually)

gitmoji →
gitmoji-cli →

Microsoft GVFS (Git Virtual File System)

Interesting stuff by Microsoft on handling big repositories such as their Windows code base, which “has over 3.5 million files and is over 270 GB in size”. Instead of splitting the code into several manageable submodules, they’ve created a virtual filesystem to support big repositories:

GVFS (Git Virtual File System) virtualizes the file system beneath your repo and makes it appear as though all the files in your repo are present, but in reality only downloads a file the first time it is opened.

GVFS also actively manages how much of the repo Git has to consider in operations like checkout and status, since any file that has not been hydrated can be safely ignored. And because we do this all at the file system level, your IDEs and build tools don’t need to change at all!

Announcing GVFS (Git Virtual File System) →

(via Mattias)