In today’s digital age, it’s easier than ever to share your code and contribute to public projects, often as a way to showcase your portfolio. However, the open nature of these platforms can sometimes lead to accidentally sharing personal information, like your email address. Here’s a simple guide on how to keep your personal information safe while still sharing your work publicly.
- Use a Dedicated Email Address: Create an email address specifically for your GitHub account or other open source activities. This way, even if your email address is exposed, your personal email remains secure.
  Configure your git settings to use this email address:
  ```
  git config --global user.email "dedicated-email@example.com"
  ```
- Use GitHub's Private Email Feature: GitHub provides a feature for developers to keep their email address private for commits. Here's how you can do it.
  - Navigate to https://github.com/settings/emails
  - Add the email address that you might not want to expose.
  - Check the `Keep my email addresses private` option. In the description section you can find the yourusername@users.noreply.github.com email, which will be used for web-based activities.
  - Check the `Block command line pushes that expose my email` option. While performing push operations, GitHub will check whether the latest commit has your private email; if yes, the operation will be blocked and git will warn you about exposing the private email.
  - Configure your local git settings to use your GitHub noreply email.
    ```
    git config --global user.email "username@users.noreply.github.com"
    ```
- What if your email is already exposed?
  WARNING ⚠️: This option will rewrite your git history and the hash values of the commits, so use it carefully.
  - Install `git-filter-repo`, a tool used to rewrite the git repository history.
  - Check which email addresses are exposed in commits:
    ```
    git log --all --format='%h %ad %an <%ae> %cn <%ce>'
    ```
  - Use the command below to rewrite your commit history and replace your exposed email.
    ```
    git filter-repo --commit-callback '
    if commit.author_email == b"your_exposed_email":
        commit.author_email = b"github-email@users.noreply.github.com"
    if commit.committer_email == b"your_exposed_email":
        commit.committer_email = b"github-email@users.noreply.github.com"
    '
    ```
    This might remove your remote references, so verify it using `git remote -v`; if removed, add the remote references back. Confirm the changes with `git log --all --format='%h %ad %an <%ae> %cn <%ce>'`.
  - Since the above command rewrites the git history, you need to force push these changes. If the repository is big, this push can give you an error because of the limited buffer size for HTTP operations. Use the command below to increase your git HTTP buffer size.
    ```
    git config --global http.postBuffer 157286400 # ~150MB
    ```
It is best to avoid the third option, since you are mostly working in groups in open source projects and it is not wise to completely rewrite the git history. So,
- Avoid hardcoding personal information.
- Educate yourself about open source best practices.
- Regularly review your repositories.
And be mindful of the data you share.
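For the "check which email addresses are exposed" step and for regular reviews, the per-commit `git log` listing can be condensed into a count per address. This is an added example, not part of the original article; the function names and the sample addresses are constructed for illustration, and it assumes that only GitHub noreply addresses count as safe.

```shell
#!/bin/sh
# Added example (not from the original article): summarise which e-mail
# addresses a repository's commit metadata exposes.

# Reads "<hash>\t<author-email>\t<committer-email>" lines on stdin and prints
# "<commits> <role> <email>" for every address that is not a GitHub noreply one.
summarise_exposed() {
  awk -F'\t' '
    function note(role, email) {
      email = tolower(email)
      if (email == "") return
      # Per-user noreply addresses, and the committer GitHub uses for web edits.
      if (email ~ /@users\.noreply\.github\.com$/) return
      if (email == "noreply@github.com") return
      seen[role " " email]++
    }
    NF == 3 { note("author", $2); note("committer", $3) }
    END { for (k in seen) print seen[k], k }
  ' | sort -k1,1nr -k2
}

# Audits every ref of the repository in the current directory.
# Returns 1 (and prints the summary) if any exposed address remains.
audit_repo() {
  report=$(git log --all --format='%h%x09%ae%x09%ce' | summarise_exposed)
  [ -z "$report" ] && return 0
  printf '%s\n' "$report"
  return 1
}

# Constructed sample input, so the summary can be tried without a repository.
sample_log() {
  printf 'a1b2c3d\tjane@example.com\tjane@example.com\n'
  printf 'b2c3d4e\tJane@Example.com\tnoreply@github.com\n'
  printf 'c3d4e5f\t1234567+jane@users.noreply.github.com\t1234567+jane@users.noreply.github.com\n'
}

# "--repo" audits the current repository; with no argument the sample is used.
if [ "${1:-}" = "--repo" ]; then
  audit_repo
else
  sample_log | summarise_exposed
fi
```

Run with `--repo` before and after a history rewrite: an empty report and exit status 0 mean no author or committer field on any branch or tag still carries a non-noreply address.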
Top comments (4)
Great information
I am curious, however: would this affect the signing of commits?
Hi Mark, Thank you for pointing it out. Yes, once the history is rewritten, commits will no longer be signed.
Hi Roshan
Thank you for your reply.
So how would you be able to have the privacy described in your article and be able to maintain signing the commits? That I would really like to figure out!
Hi Mark,
Rewriting the history should not be the first option, but if you must and if your concern is to maintain the signing of the commits, one solution could be to: `amend` and `no-edit` flag and then rebase the commit back to the main branch. If there are multiple commits that need signing, you can automate it with bash scripts.