.gitignore for .TOML files not applied correctly?

#1

Hi,

I have created a project that uses a .toml file containing sensitive information for authenticating to a system. That .toml file is at the root of the project.

I added that specific .toml file to the .gitignore but it still gets pushed to the remote repository.

Any idea as to what supersedes the .gitignore ?

(The .toml file was indeed created before I added it to the .gitignore, but I deleted the remote repo and re-created it then pushed it at the current revision and it still is there )

#2

That’s because the .toml file has already been committed to your git repo’s working tree - even if you delete the remote, it’s still tracked in your local history. Remember: git is a distributed version control system. The whole of your source’s history is stored locally, as well, so deleting the remote won’t get rid of that history.

What you need to do is rewrite your history to completely purge the sensitive information from your history. There’s a good tutorial on GitHub on how to do that.

3 Likes
#3

Thanks,
I indeed tried to replicate the problem and can confirm it must come from my git local history.