Files “deleted” from or changed in your GitHub Repository are kept in the History and visible
After notifying another user that their usernames and passwords were still visible after deleting the file from their repository, I got curious how often this happens. It seems quite a few users have accidentally uploaded their secrets.yaml file and then deleted it or tried removing the information. I can only assume these users think that it is no longer visible.
A search in GitHub found a number of repositories where the user deleted the file and it was still available. A check of their available (From the secrets file) domain/IP and password found they haven’t changed it.
Example of a deleted file that is still visible
You will no longer find this file in my repository. But anyone can look through the history of my repository and see every change I have made.
My current repository (note there is no .travis.yml file):
Posting this so hopefully someone who made this mistake cleans up their repository and changes their passwords. Their are some people that exposed a lot of their accounts, not to mention their home assistant instance, as they had a lot in the file. I left comments on the ones I found for the users to do a clean up.
EDIT: One more thing.
Other Github users can clone/download or fork your repository. Even if you think deleted it and its gone, anyone could have a copy of they forked it (its still available to anyone on GitHub) or they have a personal downloaded copy.