Be CAREFUL, moving the keystore file is not enough to avoid leaks on Github!

I followed the instructions as I’m getting familiar with using Git and Github for this project. I moved the keystore file away from the project, to store it somewhere else that wouldn’t end up being tracked in git and visible on github.

Unfortunately, there is something else to do that isn’t mentionned here. When exporting your build, make sure to not save before you actually erase the infos contained in:
Release
Release User
Release Password

image1011×752 54.5 KB

If you save, commit and push, everything you have here will end up online and clearly visible, your password will be exposed.

I guess adding the “export_credentials” file that can be found in the .godot folder would have prevented this… unfortunately I clearly didn’t see that one coming as I’m too inexperienced. I had to switch my repo to private and right now I’m not sure how to get rid of the leaked infos.

You’ll need to rewrite your Git history and force-push the commits to GitHub.

I suggest you read through the following guide from GitHub Removing sensitive data from a repository - GitHub Docs

Thanks! Indeed that would have been the solution. A friend of mine also showed me how to it this way. But then again he also told me that if we assume this is something that we really don’t want to be visible online and that it has been published publicly, even if for only a short period of time… We need to assume the data is out there anyway and the best approach here would be to change the credentials anyway and own the mistake.

Also, if you set up your Git repo using the gitignore file generated by Godot when creating the project, this wouldn’t even happen. I think in this one I used the gitignore file suggested byt Github instead of the Godot one. The one from Godot definitely takes this into account.