
But what, exactly, was pwned? Did you have secrets in the git repo?
No secrets like auth credentials or tokens but:

- Deleted files and development artifacts that were never meant to go public.

- My name and email address.

- Cringy commit messages.

I assumed these commits and their metadata would be private.

It was embarrassing. I was in high school, I was a noob.
I expose the .git directories on my web server and never considered it a problem. I also expose them on GitHub and didn't consider that a problem either...

A super common failure is the accidental commit of a secret key. People suck at actually deleting something from git history. Had one colleague leak a Digital Ocean key this way with an accidental env file commit. He reverted, but the key is of course still present in the project history.

The speed at which an accidentally committed and reverted key is compromised and used to, say, launch a fleet of stolen VPSes on a GitHub public repo nowadays is incredible. Fortunately, most of the time your provider will cancel the charges...

This has always been the roughest part of git for me, the process to remove accidentally committed sensitive content. Sure we should all strive not to commit stupid things in the first place, and of course we have tools like gitignore, but we are all only human.

> https://docs.github.com/en/authentication/keeping-your-accou...

"Sensitive data can be removed from the history of a repository if you can carefully coordinate with everyone who has cloned it and you are willing to manage the side effects."