Credential Rotation And History Purge¶
This runbook is used for security incident response when credentials are accidentally committed to the repository.
It covers issue #60: rotate exposed payment credentials and purge them from git history.
1. Immediate containment¶
- Identify all exposed secrets and providers impacted.
- Rotate each credential in the provider dashboard.
- Revoke old credentials immediately after rollover validation.
- Update application secrets in secure stores only:
- production secret manager
- CI/CD protected secrets
- local
.NET user-secretsfor development - Never place replacement credentials in repository files.
2. Purge exposed values from git history¶
Coordinate with maintainers before history rewrite. This operation changes commit SHAs and requires force-push.
Create a replacement file, for example replacements.txt:
literal:sk_live_abc123==>YOUR_STRIPE_SECRET_KEY
regex:FLWSECK_(TEST|LIVE)-[A-Za-z0-9_-]+==>YOUR_FLUTTERWAVE_SECRET_KEY
Rewrite history with git-filter-repo:
pipx run git-filter-repo --replace-text replacements.txt
Then force-push safely:
git push --force-with-lease origin master
git push --force-with-lease --all
git push --force-with-lease --tags
3. Post-purge verification¶
- Re-clone repository in a fresh directory.
- Run secret scanning:
gitleaks dir . --redact --no-banner
- Verify GitHub secret scanning and Dependabot alerts are clear.
- Confirm applications can authenticate with rotated credentials.
4. Communication checklist¶
- Open incident update with impacted systems and rotation completion status.
- Ask all contributors to rebase or re-clone after history rewrite.
- Close the incident only after verification steps pass.