This blog runs on public code, without secrets
I have kept the code that powers this blog in a private GitHub repository for a while. Partly because I wasn't super proud of my code, but also because I wasn't sure if I had put something in it that wasn't for public consumption, that is, secret tokens.
Since people kept asking me about how I did the webmentions stuff, and the Twitter stuff, and the statistics stuff, I decided to make it public. So I cleaned up the code a bit and added a disclaimer in the README.md.
To deal with the “there might be secrets” situation, I used a handy little command line tool called BFG Repo-Cleaner. It goes through all your commits in all your branches and rewrites history to not include the file you wish you hadn't committed:
bfg --delete-files .env
Afterwards you can git push --force to overwrite the history stored on GitHub.
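A check to run on the rewritten repository before the force push, as an added example that is not part of the original post: it lists every commit on any ref that still touches a given file name, and flags the file if it is still present in HEAD, which BFG leaves untouched by default. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): check whether a file name
# still appears anywhere in a repository's history. Function names are
# hypothetical; only standard git and awk are used.

# commits_touching REPO NAME
# Prints the hash of every commit, on any ref, that added, changed or
# deleted a file called NAME at any directory depth.
commits_touching() {
    git -C "$1" log --all --full-history --format=%H -- ":(glob)**/$2"
}

# in_head_tree REPO NAME
# Succeeds if a file called NAME is present in the current HEAD commit.
in_head_tree() {
    git -C "$1" ls-tree -r --name-only HEAD |
        awk -v n="$2" -F/ '$NF == n { found = 1 } END { exit !found }'
}

# audit_history REPO NAME
# Prints a verdict and returns 0 only when no reachable commit has NAME.
audit_history() {
    if in_head_tree "$1" "$2"; then
        echo "DIRTY: $2 is in HEAD; delete and commit it before rewriting"
        return 1
    fi
    count=$(commits_touching "$1" "$2" | wc -l | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        echo "DIRTY: $count commit(s) still reference $2"
        return 1
    fi
    echo "CLEAN: no reachable commit references $2"
}

# Stand-alone use: sh audit.sh /path/to/repo .env
if [ $# -eq 2 ]; then
    audit_history "$1" "$2"
fi
```

A DIRTY verdict after running BFG means the rewrite did not cover that commit or ref, so the force push would still publish the file.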
To install BFG, you can follow the installation instructions, or if you are on macOS and have Homebrew installed (as you should), you can run:
brew install bfg