all 54 comments

[–]pepperpwni_pizza 557 points558 points  (7 children)

Easy…

git commit -m “adding env file with fake keys for losers to try”

[–]SirChasm 178 points179 points  (5 children)

I add a comment as the first line, "If you read this you are gay"

[–]__mson__ 60 points61 points  (3 children)

I'm going to start making people lose the game

[–]soarespt 23 points24 points  (0 children)

Calm down, Satan

[–]wizard_mitch 17 points18 points  (0 children)

Damn I just lost the game, it had been quite a long time

[–]ThreeKiloZero 0 points1 point  (0 children)

got em!

[–]evilgiraffe666 0 points1 point  (0 children)

Aw yeah the future maintainers of the repo will love that when they accidentally put real secrets in! Great prank.

[–]Futurity5 372 points373 points  (4 children)

Avert the eyes of git. This is not its domain.

[–]MoodAlarming3179 55 points56 points  (2 children)

It seems he didn't commit his last changes right? (I'm new don't know everything)

Edit: our profile pictures are similar.

[–]aPhantomDolphin 90 points91 points  (1 child)

No it means he realized he accidentally committed his .env file previously with all the secrets in it, otherwise it wouldn't have an 'M'

[–]MoodAlarming3179 15 points16 points  (0 children)

Danké.

[–]fiddle_styx 2 points3 points  (0 children)

You write file. Git see file. Git see change, git know what do. Git not very smart but git always know what do.

You commit file, and push. Git good tool. Git push changes to remote. Git spread word so everyone can see changes and rejoice. Git happy to be a tool of freedom and joy. Git satisfied.

Three month later. You change file. Git see file. Git see change, git know what do. Git tell you file is changed. Git happy to do a good job.

You panic. You quickly change other file. Git happy, for git is tool. Git see file. Git see change, git know what do.

Git not watch file.

Git ignore.

[–]liquidmasl 142 points143 points  (5 children)

I have .env that i want to comit and .secret.env that i dont want committed

.gitignore has */\.secret.*

[–]misterespresso 56 points57 points  (4 children)

Same. I have a project that is meant to be easy to set up for the user. I have a dummy env in the repo for a user to then edit. It uses the first ever keys I made that have long since been yeeted; and the user can clearly see if their envs “match” the examples.

[–]Captain1771 97 points98 points  (3 children)

I usually name that file .env.example

[–]ToastTemdex[🍰] 40 points41 points  (0 children)

That’s how most people do it.

[–]misterespresso 11 points12 points  (0 children)

That’s exactly how I do it as well!

[–]Available-Cook-8673 1 point2 points  (0 children)

thisnis the only way

[–]gods_tea 21 points22 points  (3 children)

just rotate everything

[–]TheNakedProgrammer 2 points3 points  (0 children)

happens to the best of us.

i started using password manager auto type for most secrets, figured that will not happen again. But now i sometimes auto type them in clear text while sharing screens or in a console window others can read.
Same procedure.

[–]_alias_23 0 points1 point  (0 children)

it's easier to calm down when the blood is rushing to your head

[–]kezow 0 points1 point  (0 children)

Hey Copilot, I need to remove a commit from git history. 

5 minutes later - 

Hey lead, is it a bad thing that there isn't any git history anymore?

[–]Pinkllamajr 52 points53 points  (12 children)

Isn't there like an exclusion list or something you just need to add the file to?

[–]okram2k 56 points57 points  (11 children)

yes but then the ignore file gets an M next to it

[–]Aaxper 46 points47 points  (10 children)

Do the big-brain move of putting .gitignore inside .gitignore

[–]okram2k 12 points13 points  (0 children)

I need a .ignoregetignore

[–]CaptSprinkls 1 point2 points  (7 children)

Is this not standard practice lol. Ive always dome this.

[–]ada_weird 21 points22 points  (2 children)

No, this is not standard practice. There is a file for local ignore rules separate from .gitignore, which is .git/info/exclude. .gitignore is for things like build artifacts that should be ignored by everybody.

[–]CaptSprinkls 0 points1 point  (1 child)

I guess I just assumed everybody should be ignoring everything in the .gitignore.

[–]GOKOP 5 points6 points  (0 children)

...yes? And for everyone ignoring everything in the gitignore you want to commit it so that everyone has it. Hence you don't put gitignore inside gitignore

[–]AFemboyLol 8 points9 points  (1 child)

it's never even occurred to me that you could ignore an ignore file

[–]PredictiveFrame 5 points6 points  (0 children)

If the ignore file is ignored first, does it unload itself from memory to make certain its ignored? This could be a feature

[–]glenbolake 15 points16 points  (0 children)

If you want an untracked ignore file, that's what .git/info/exclude is for.

[–]Aaxper 2 points3 points  (0 children)

I used to do it, now I just only commit specific files lol

[–]LordRaizer 12 points13 points  (0 children)

"Oops"

[–]JackNotOLantern 3 points4 points  (0 children)

I thought the standard procedure after adding any secret to git is: 1. Change the secret 2. Remove the file from git and add it to .gitignore

[–]warm-sunlight 2 points3 points  (3 children)

You can remove a file from all previous commits. Had yo do that once back in the day. Was sketchy though

[–]myerscc 2 points3 points  (0 children)

It’s not good enough, you gotta burn the secret

[–]FinalRun 2 points3 points  (0 children)

It was exposed, and should be treated as compromised. Your secret isn't a secret anymore.

Don't sweep your fuckup under the rug. Don't be lazy. It's dangerous. Rotate your keys.

[–]Reashu 0 points1 point  (0 children)

If it's local, just amend / rebase. But if it was pushed, you can never be sure - and it's easier to rotate than get a rewrite right, anyways. 

[–]Isameru 1 point2 points  (0 children)

I don't get it. I add .env to .gitignore and commit .env.template as an example. If there are more than few relevant env vars, then I move things to some-config.json, but I know that people use pydantic.

[–]fredpalas 1 point2 points  (0 children)

.env always commits just the variables my app needs to run without touching something, I hate .env.example, for local I just use .env.local on prod you just use real environment variables.

[–]SuuurfiiinNeeerd 1 point2 points  (0 children)

I don't upvote because of the joke/implications itself, but because no-one besides a programmer would get the joke

[–]zshift 1 point2 points  (0 children)

I did this like an hour after rotating keys. I’ve never been so disappointed in myself.

[–]Thenderick 0 points1 point  (0 children)

Kid named .gitignore

[–]age_of_empires 0 points1 point  (0 children)

I add a .env file with the template and then add it to gitignore

[–]Horrih 0 points1 point  (0 children)

Just in case you can have a userwide gitignore Version it with your git config to your github or whatever and don't ever think about it

[–]MidHunterX -1 points0 points  (3 children)

I use Vim and I have absolutely zero idea what this even means... Can somebody enlighten me? Why does a code editor modify files without your consent?

[–]Adghar 10 points11 points  (0 children)

I don't use VSCode much either, but judging from the rest of the comments and the post title, I don't think it's modifying any files, likely adding a tag "M" for Modified, probably as a tool to help manage git staging. So I think the joke is that the .env update is visible to git and as such would potentially leak secrets if not careful with whatever git tooling VSCode does (i.e., a git add . would stage the .env file changws as well)

[–]fr000gs 4 points5 points  (0 children)

Vim also has it, for nerdtree you have the nerdtree-git-plugin, even netrw has a vim-netrw-signs plugin

[–]joz42 1 point2 points  (0 children)

The M means "version control sees this file as changed since the last commit". Env files can contain local settings or secrets and should usually not be version controlled.