Oops! I Leaked My Secrets to GitHub: How I Accidentally Pushed My .env (and Lived to Tell the Tale)

It was a bright Saturday morning, the kind that feels like a fresh breath of freedom after five long, intense days of corporate hustle. The weekend had finally arrived, and I could almost hear it whispering, “Relax, you’ve earned this!” But as I sipped my coffee, a thought popped into my head: why not do something exciting just for me?

I sat up a little straighter, and then it hit me—Next.js! I had been meaning to dive into it for ages. So, instead of sinking into a lazy weekend, I grabbed my laptop, threw on some lofi tunes, and headed to YouTube. In no time, I was deep into tutorials, soaking up the world of server-side rendering, static site generation, and all the cool things that make Next.js tick.

With Full confidence I put the npx create-next-app@latest code in my terminal . Boom I got the next project . Then I made an env file put all my secrets and codes for the next-auth . I thought everything will work and .gitignore will ignore the env file. But to my surprise all my env files got committed . I did't noticed this but when I tried to push to GitHub. Github gave me a really long error message . I was like dammm man messed up. It looked something like this

So there I was, thinking I’d fix my problem by just deleting the .env file and pushing again, but nope, the same error popped up. I thought, “Wait, isn’t Git supposed to track everything? What’s the point if deleting a file doesn’t really delete it?” Then the lightbulb went off—what if I delete the entire commit? But of course, being the genius I am, I had committed the .env file right from the start and stacked up a ton of commits afterward. Frustrated, I figured, “Okay, fine, I’ll just remove the entire .git directory and call it a day. Simple, right?” But then—hold on—I stumbled upon this tool called BFG Repo Cleaner, which was perfect because I was too lazy to deal with the git-filter-branch complexity on a beautiful weekend.

I downloaded the jar file and placed it in the project after that I ran this command

Boom its gone

Conclusion

Before using this tool, take my advice—never get into this mess! But if you do, and you’re feeling lazy, BFG Repo Cleaner has got your back. Just remember to be careful with those commits next time! ??