I was recently trying to push some code to Azure DevOps, but I was getting an error:
$ git push Enumerating objects: 117, done. Counting objects: 100% (107/107), done. Delta compression using up to 12 threads Compressing objects: 100% (66/66), done. Writing objects: 100% (69/69), 10.28 KiB | 1.28 MiB/s, done. Total 69 (delta 42), reused 0 (delta 0), pack-reused 0 remote: Analyzing objects... (69/69) (105 ms) remote: Validating commits... (5/5) done (2 ms) remote: Checking for credentials and other secrets... done (906 ms) error: remote unpack failed: error VS403654: The push was rejected because it contains one or more secrets. To https://dev.azure.com/taurangacc/Software%20Developers%20Guild/_git/Tcc.Property.Sync ! [remote rejected] feature/teams-logging -> feature/teams-logging (VS403654: The push was rejected because it contains one or more secrets. Resolve the following secrets before pushing again. For help, see https://aka.ms/advancedsecurity/secret-scanning/push-protection.
Our Azure DevOps repository has GitHub Advanced Security enabled, hence the above error. Pretty cool feature.
The code I’m pushing doesn’t have the secret in it anymore – an early POC commit had the secret in, when I was playing around to see if I could get it to work. But then I removed the secret once I’d gotten it working.
The suggested fix is to muck around with git rebase and remove the secret from the older commit. Since I don’t care about intermediate commits in my feature branches, an easier workaround is to squash all commits in the branch, thus removing the secret from the history.
As usual with git, there’s a million different and confusing ways to do the same thing. I usually go for the simplest method. Here’s how I did it:
- create a new branch based off develop and switch to it
- Squash merge all of the commits in my feature branch into the new branch
git merge --squash feature/teams-logging - Commit and push my new branch (so that I can create a pull request into develop branch)