Is a deleted branch on GitHub guaranteed to not leak data?

[Utsuhoagie]

Select Topic Area

Question

Body

Say I have accidentally pushed secrets to my private repo, on main (no other branches; no forks or clones), at commit #5. I notice this a while later, say at commit #8. I then try to create a new branch (fix) from commit #4, then cherry pick and fix commit #5, then just cherry pick commits #6-8 (they are unrelated to the leaked secrets).
Now I push this fix branch to my repo, and then delete the original main branch. What will actually happen to the deleted main branch? Are commits with the leaked secrets accessible in any way, if I were to make this repo public later down the road?

I do know that I should change my secrets, but what I'm wondering is, are there any risks to making this repo public later, when in the branch/commits view on GitHub there is seemingly no leaked secret.

[DNin01]

I'm not certain on what happens to the data when you delete a branch, but sensitive data is purgeable with a force push. Check the documentation.

[jsoref]

For the record, this is wrong and misleading.

If any actions ran from a commit that included the commit with the data, then a force push will not purge it at all. Similarly, if there's a tag or another branch that references that commit, then a force push will not purge it at all.

[OmkarOza]

I think there is a chance of data leak because your operations are store in .git file from which any person can know your all commits information if your repository is public.

[spenserblack]

I don't think that there's any guarantee that GitHub will delete an inaccessible commit. For example, here are some fake commits I made to simulate pushing a commit with secrets, then removing it from the history. The steps I took were:

1. Create a leaked-secret branch
2. Push spenserblack/test-repo@ef50762, the bad commit
3. Force-push over it with spenserblack/test-repo@1a85dd8
4. Delete the leaked-secret branch from GitHub

Despite the fact that the bad commit was overwritten with a force-push (and the branch was deleted just in case), spenserblack/test-repo@ef50762 still links to a valid page, not a 404. At least at the time I'm writing this; it might change later. I think GitHub occasionally garbage-collects some inaccessible refs.

So, even if the chances are small that someone will discover the commit, it's not a 0% chance as long as that commit continues to exist in the remote. You probably would want to try and see if someone on GitHub's team can delete the inaccessible commit to be safer, and get more advice from them on steps that you can take to mitigate risk.

[vinaghost]

6 month later, github still show your commit as "This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository."

[T0mstone]

Pretty sure they are never deleted automatically. See also https://stackoverflow.com/q/4367977, where a "bad" commit has kept existing since 2010.

[jsoref]

Since there's a low quality off-topic answer marked as the answer, and as I've replied to another misleading answer, I think it's probably worth providing another top-level answer:

1. Is a deleted branch on GitHub guaranteed to not leak data?

   No, it is not guaranteed to do that. On average that information will still be available by sha, and if you use workflows it'll probably be anchored by workflow runs as well.

2. I do know that I should change my secrets, but what I'm wondering is, are there any risks to making this repo public later (when in the branch/commits view on GitHub there is seemingly no leaked secret)?

   The right thing to do is to make a new (private) repository with only the history you want (and not the commits you don't want) and then once you've reviewed that repository's history, make that repository public.

https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository#fully-removing-the-data-from-github

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬