Problem
A push was attempted with sensitive information included, so the push was rejected.
GGG@DESKTOP-43CC23G MINGW64 /c/workspace/pro_lec_2/data (sentry)
$ git push origin sentry
Enumerating objects: 65, done.
Counting objects: 100% (65/65), done.
Delta compression using up to 20 threads
Compressing objects: 100% (31/31), done.
Writing objects: 100% (36/36), 9.46 KiB | 4.73 MiB/s, done.
Total 36 (delta 22), reused 0 (delta 0), pack-reused 0 (from 0)
remote: Resolving deltas: 100% (22/22), completed with 21 local objects.
remote: error: GH013: Repository rule violations found for refs/heads/sentry.
remote:
remote: - GITHUB PUSH PROTECTION
remote: —————————————————————————————————————————
remote: Resolve the following violations before pushing again
remote:
remote: - Push cannot contain secrets
remote:
remote:
remote: (?) Learn how to resolve a blocked push
remote: https://docs.github.com/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line#resolving-a-blocked-push
remote:
remote: (?) This repository does not have Secret Scanning enabled, but is eligible. Enable Secret Scanning to view and manage detected secrets.
remote: Visit the repository settings page, https://github.com/ballkkaye/data/settings/security_analysis
remote:
remote:
remote: —— Google Cloud Service Account Credentials ——————————
remote: locations:
remote: - commit: 6bb2b78393e1581de1d6c55a76da75e9e8a60ed1
remote: path: config/firebase-service-key.json:1
remote:
remote: (?) To push, remove secret from commit(s) or follow this URL to allow the secret.
remote: https://github.com/ballkkaye/data/security/secret-scanning/unblock-secret/2ztnbD1VfQQiRrjYI5vE4d3AClV
remote:
remote:
remote:
To https://github.com/ballkkaye/data.git
! [remote rejected] sentry -> sentry (push declined due to repository rule violations)
error: failed to push some refs to 'https://github.com/ballkkaye/data.git'
🛠 Solution
✅ 1. Confirm the sensitive information leak
If a push to GitHub is rejected with this GH013 push protection error:
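→ it is because a sensitive file such as config/firebase-service-key.json exists in the history of a past commit.
In summary:
| Item | Details |
| --- | --- |
| ❗ Cause of the problem | A Google Cloud service account key is included |
| 📌 Flagged commit | 6bb2b78393e1581de1d6c55a76da75e9e8a60ed1 |
| 📂 Location | Line 1 of config/firebase-service-key.json |
| 🚫 Push status | Rejected: "Push cannot contain secrets" |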
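✅ 2. Install BFG Repo-Cleaner
📌 What is BFG Repo-Cleaner?
A high-performance tool that lets you completely remove sensitive files or commits from Git history.
Things that may be sitting in Git history:
- Passwords
- Tokens (API keys)
- Service keys (JSON)
- Large files, and so on
👉 It can delete these quickly.
Download the BFG JAR file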
✅ 3. First, move to the project's top-level directory
cd ~/workspace/my-project # or cd C:/workspace/pro_lec_2
This example assumes that an existing Git project named data is located here.
✅ 4. Clone as a bare repository
git clone --mirror [remote repository path or .] data-cleaned.git
- Example (using a local directory):
git clone --mirror data data-cleaned.git
✅ 5. Remove the sensitive file with BFG
java -jar ~/Downloads/bfg-1.14.0.jar --delete-files firebase-service-key.json data-cleaned.git
firebase-service-key.json is deleted from all of the history in which it exists in past commits.
✅ 6. Clean up Git after BFG (required)
cd data-cleaned.git
git reflog expire --expire=now --all
git gc --prune=now --aggressive
✅ 7. Clone a new working directory from the cleaned repository
cd ..
git clone data-cleaned.git cleaned-working-dir
cd cleaned-working-dir
✅ 8. Reset the remote connection
git remote rm origin
git remote add origin https://github.com/ballkkaye/data.git
git remote -v # to verify
✅ 9. Check out the original branch
git checkout fix/sentry
✅ 10. Confirm removal of the file containing sensitive information and commit
rm -rf config/firebase-service-key.json
git rm --cached config/firebase-service-key.json
echo "config/firebase-service-key.json" >> .gitignore
git add .
git commit -m "remove firebase key & add to .gitignore"
✅ 11. Force-push the remote branch
git push --force origin fix/sentry
✅ 12. Create a PR
On GitHub, create a Pull Request from fix/safe-push → dev, or into whichever branch you want.
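A check to run before the force push in step 11, as an added example that is not part of the original post: it lists every commit on any ref whose tree still contains the key file, which is the condition push protection reported. The throwaway repository, its placeholder file content and the function names are constructed for illustration.

```bash
#!/bin/sh
# Added example: list every commit, on any ref, whose tree still holds a path.
# Function bodies use ( ) so their variables stay local to a subshell.

# Print "<commit> <blob>" for each reachable commit that contains $2 in repo $1.
commits_containing_path() (
  repo=$1 path=$2
  for commit in $(git -C "$repo" rev-list --all); do
    # rev-parse exits non-zero when the path is absent from that commit
    blob=$(git -C "$repo" rev-parse --quiet --verify "$commit:$path" 2>/dev/null) || continue
    echo "$commit $blob"
  done
)

# Succeed only when no reachable commit contains the path.
history_is_clean() {
  [ -z "$(commits_containing_path "$1" "$2")" ]
}

# Constructed throwaway repo: a placeholder key file is committed, then
# deleted by a second commit. Prints the repo directory.
make_demo_repo() (
  repo=$(mktemp -d)
  do_commit() { git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
    -c commit.gpgsign=false commit -q -m "$1"; }
  git -C "$repo" init -q
  mkdir -p "$repo/config"
  echo "constructed placeholder, not a real key" > "$repo/config/firebase-service-key.json"
  git -C "$repo" add .
  do_commit "add key by mistake"
  git -C "$repo" rm -q config/firebase-service-key.json
  do_commit "remove firebase key"
  echo "$repo"
)

# Deleting the file in a new commit leaves the earlier commit untouched.
demo=$(make_demo_repo)
commits_containing_path "$demo" config/firebase-service-key.json
if history_is_clean "$demo" config/firebase-service-key.json; then
  echo "clean: safe to push"
else
  echo "NOT clean: rewrite history (steps 4-6) before pushing"
fi
rm -rf "$demo"
```

In cleaned-working-dir, call `history_is_clean . config/firebase-service-key.json` after step 10; any commit it prints still carries the key and would be sent to the remote by the push.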