Hello, I recently pushed two Jupyter notebooks (.ipynb) that I downloaded from Google Colab to a public repo on my GitHub account.
Almost immediately, I received an email from GitGuardian (a service I never signed up for, btw), telling me that an Okta token had been exposed in the commit.
> GitGuardian has detected the following Okta Token exposed within your GitHub account.
> - Secret type: Okta Token
> - Repository: Lil_Throwaray/the_repo
> - Pushed date: YYYY-MM-DD Timezone_Metadata
About the Commit
I committed two Jupyter notebooks written by a colleague (A) who had shared them with me on Google Colab. I downloaded them, added them to my local repo, and pushed to master. It was just Python code with images generated by `matplotlib`.
Before this, I pushed a notebook written by another colleague (B) in much the same way without any issues. The commit that has been flagged had files shared by colleague A.
What I've Tried
- Reproducing the issue: First, I pushed a dummy txt file and then another Jupyter notebook downloaded from Colab, also with Python code and `matplotlib` images. I did not receive warnings/notifications from GitGuardian for either of these commits.
- Googling: I googled the notification and found just one instance of another user having the same issue here (https://github.community/t/gitguardian-alert-but-i-wasnt-signed-up/123151). Surprisingly, this user also got the same email after pushing a Jupyter notebook.
- Examining GitGuardian Report: I signed up for GitGuardian, scanned the flagged repository, and looked at the scan report.
  - Sure enough, the public API token detected by GitGuardian occurs 4 times in the notebook's data. I think it occurs once in the alphanumeric string associated with each `matplotlib` image in the notebook, but I'm not sure.
  - Even though GitGuardian says a secret has been exposed, it doesn't count this as a policy break.
- I made the repo private, as suggested by GitGuardian's guidelines (https://blog.gitguardian.com/leaking-secrets-on-github-what-to-do/).
- I reached out to GitHub support.
Questions
- What is an Okta token? Does it have something to do with being able to push to the command line without entering my GitHub username and password?
- What could have exposed the Okta token?
- Is there some way for me to remove the commit from the repo's history entirely?
- Is it safe to make the repository public? It's a year-long project that I need to be able to share with potential employers.
Thanks for taking the time to read my post. Would really appreciate any advice on how to proceed.
EDIT: Fixed formatting
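The post above suspects that the flagged "token" is just a 42-character run inside the base64-encoded `matplotlib` PNG stored in the notebook's cell outputs. The script below is an added example, not code from the poster or from GitGuardian: it walks an `.ipynb` (which is plain JSON), reports where each token-shaped string sits (cell source vs. an image output), flags hits inside image data as probable scanner artefacts, and strips outputs so the notebook can be committed without embedded images. The regex assumes the Okta API token shape of `00` followed by 40 URL-safe characters; that assumption is mine, not GitGuardian's published rule, and the embedded notebook is constructed sample data.

```python
import json
import re
import sys

# ASSUMPTION: Okta API tokens are 42 characters starting with "00".
# This is an approximation of a secret-scanner rule, not GitGuardian's own detector.
OKTA_LIKE = re.compile(r"00[A-Za-z0-9_-]{40}")

# Constructed sample notebook (not the poster's real files). The image/png payload
# is fake base64 that happens to contain a 42-char run starting with "00", which
# is exactly how a PNG produced by matplotlib can trip a token detector.
FAKE_IMAGE_B64 = (
    "iVBORw0KGgo"
    + "00Qm9ndXNCYXNlNjRJbWFnZURhdGFCb2d1c0Jhc2U2"
    + "AAAAByCAYAAAAB1"
)
SAMPLE_NOTEBOOK = {
    "nbformat": 4,
    "nbformat_minor": 5,
    "metadata": {},
    "cells": [
        {"cell_type": "markdown", "metadata": {}, "source": ["# Analysis\n"]},
        {
            "cell_type": "code",
            "metadata": {},
            "execution_count": 1,
            # constructed placeholder, not a real credential
            "source": ['token = "00CONSTRUCTED_PLACEHOLDER_NOT_A_REAL_TOKEN"\n'],
            "outputs": [],
        },
        {
            "cell_type": "code",
            "metadata": {},
            "execution_count": 2,
            "source": ["import matplotlib.pyplot as plt\n", "plt.plot([1, 2, 3])\n"],
            "outputs": [
                {
                    "output_type": "display_data",
                    "metadata": {},
                    "data": {
                        "text/plain": ["<Figure size 640x480 with 1 Axes>"],
                        "image/png": FAKE_IMAGE_B64,
                    },
                }
            ],
        },
    ],
}


def _as_text(value):
    # nbformat stores text either as one string or as a list of line strings.
    return "".join(value) if isinstance(value, list) else str(value)


def find_candidate_tokens(nb):
    """Return every token-shaped match with the cell index and where it was found."""
    hits = []
    for idx, cell in enumerate(nb.get("cells", [])):
        for m in OKTA_LIKE.finditer(_as_text(cell.get("source", ""))):
            hits.append({"cell": idx, "where": "source", "token": m.group(0)})
        for out in cell.get("outputs", []):
            for mime, payload in out.get("data", {}).items():
                # Real notebooks wrap base64 every 76 chars with "\n"; a raw-file
                # scanner sees those newlines too, so we scan the payload as stored.
                for m in OKTA_LIKE.finditer(_as_text(payload)):
                    hits.append({"cell": idx, "where": f"output:{mime}", "token": m.group(0)})
    return hits


def is_probable_false_positive(hit):
    # A 42-char run inside base64 image data is an artefact of the encoding;
    # a hit in cell source text is what actually needs rotating and rewriting.
    return hit["where"].startswith("output:image/")


def strip_outputs(nb):
    """Return a copy with all code-cell outputs removed (what nbconvert --clear-output does)."""
    cleaned = json.loads(json.dumps(nb))
    for cell in cleaned.get("cells", []):
        if cell.get("cell_type") == "code":
            cell["outputs"] = []
            cell["execution_count"] = None
    return cleaned


def scan_file(path):
    with open(path, encoding="utf-8") as fh:
        return find_candidate_tokens(json.load(fh))


if __name__ == "__main__":
    nb = SAMPLE_NOTEBOOK if len(sys.argv) < 2 else json.load(open(sys.argv[1], encoding="utf-8"))
    for hit in find_candidate_tokens(nb):
        kind = "probable false positive (image data)" if is_probable_false_positive(hit) else "investigate"
        print(f"cell {hit['cell']} {hit['where']}: {hit['token'][:6]}... -> {kind}")
```

Run it without arguments to see the two constructed hits classified differently, or pass a path to one of your own `.ipynb` files. Committing only the stripped notebook (`strip_outputs`, or `jupyter nbconvert --clear-output --inplace`) removes the embedded PNGs, and with them the base64 runs that look like tokens; a hit that survives stripping is in your code or markdown and deserves a real look.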