An organization discovers passwords in application code stored on a public repository. Which action addresses the exposure while preserving existing commits for future reference?
Delete past commits to remove sensitive references
Purge the repository but retain the existing secret for continuity
Scrub references from upcoming code commits and rotate the compromised secret
Redact the latest commit so passwords are no longer visible
To preserve repository history while preventing further exposure, remove the sensitive credential from all new commits and immediately rotate the compromised secret. Rotation invalidates the exposed value so it can no longer be used, and scrubbing ensures that no additional commits contain the sensitive data. Other actions, such as deleting commit history or redacting a single commit, do not address all instances of exposure and may introduce operational or audit challenges.