How to Protect Your Private Email Addresses in Git & Github?
Last Updated :
16 May, 2024
Protecting sensitive information such as private email addresses is important to prevent unauthorized access, identity theft, and spam. Git and GitHub offer various mechanisms to safeguard private email addresses within repositories.
In this article, we'll explore effective strategies and best practices to protect your private email addresses in Git and GitHub repositories.
Why Protect Private Email Addresses?
Private email addresses serve as crucial identifiers for individuals, providing communication, authentication, and account management. However, exposing these email addresses publicly in Git and GitHub repositories can pose several risks:
- Privacy Breach: Publicly accessible email addresses increase the risk of privacy breaches, potentially exposing individuals to unwanted attention or harassment.
- Spam and Phishing: Exposed email addresses are vulnerable from spammers, leading to unsolicited emails, phishing attempts, and spam.
- Identity Theft: Cybercriminals may exploit exposed email addresses as part of identity theft schemes, compromising personal information and security.
Strategies to Protect Private Email Addresses
Git CLI setup
While setting up git for the first time, you must have used these commands to set your email address and user name:
git config --global user.email <your-email>
git config --global user.name <your-name>
You could use any email address. But, you must have used an email address that is connected with your GitHub account.
The email address linked with Github ensures that commits are attributed to you and appear in your contributions graph.
Git commits expose your email
Now that you have set up the Git CLI, you must have committed your code and pushed it to a public repository, all the git commits will have the following information:
- Commit Hash
- Author name <Email Address>
- Date and time
- Commit Message
Git Commits exposing private email addressesEven though the Web interface of Github doesn’t show the private email address, one can clone the public repository and run git log to view the commit history and there your private email addresses are exposed!
To get all the emails from git log, you can use this one-liner (in Linux / Git Bash):
STEPS:
- Clone the Github repository
- cd into the cloned repository
- Run the one-liner:
git log | grep Author | cut -d ":" -f2 | sort -u | awk '{print $NF}' | sed -r 's/<// ; s/>//'How to Protect?
To protect the private email addresses from being exposed in your commits, you must configure Github settings as well as Git CLI.
1. Github Settings:
Github provides two options to protect your private email addresses from being exposed. Go to Your Profile -> Emails and enable these options:
- Keep my email addresses private.
- Block command line pushes that expose my email.
Github SettingsNote: The above options may differ in Bitbucket, Gitlab and other code hosting platforms.
2. Changes in Git CLI:
By enabling the second option in Github settings, any further commit which contains your private email address will be blocked. Now you have to configure the Git CLI to not include your private email address.
- You can use any random email id like [email protected]. But the problem is that your commits won’t be attributed to you!
- Alternatively, Github provides a dummy email id (highlighted in the previous image), which ensures that commits are attributed to you and appear in your contributions graph.
Any commits you made prior to changing your commit email address are still associated with your previous email address. You must delete your whole commit history to get rid of that email address.
Change the email address using the git command:
git config --global user.email <dummy-github-email>
Similar Reads
How To Make Your GitHub Repository Private? GitHub is a popular platform for hosting and managing code repositories, allowing developers to collaborate, share, and work on projects. While public repositories are accessible to anyone, private repositories restrict access to only those who have granted permission. In this article, we'll walk yo
4 min read
How to Generate Personal Access Token in GitHub? Personal access tokens (PATs) are an alternative to using passwords for authentication to GitHub when using the GitHub API or the command line. You can create a personal access token to use in place of a password when you are working with GitHub Operations. To generate the personal access token foll
1 min read
How to Add Licensing to Your Open Source Project on GitHub? Open-source projects are a great way to share your code and collaborate with others. However, without proper licensing, your project may face legal issues and misuse. Adding a license to your GitHub project is important for protecting your work and clarifying how others can use it. In this article,
3 min read
How to Use GitHub For Personal Development Projects? GitHub is more than just a platform for professional developers and large teams; it’s also a fantastic tool for individuals working on personal development projects. Whether you’re a beginner learning to code or an experienced developer building a portfolio, GitHub offers a suite of tools that can h
7 min read
How to Set Git Username and Password in GitBash? Setting up your Git username and password is an essential step when working with Git repositories. It helps you confirm your identity when sending (pushing) changes or getting (pulling) updates from a remote repository. In this guide, we will show you how to easily set your Git username and password
3 min read
How To Create A Personal Access Token in GitLab? A personal access token (PAT) in GitLab is an alternative to using a password for authenticating GitLab API requests, Git operations, and other integrations. These tokens provide more control and security, allowing you to define specific scopes and expiration dates.In this article, we'll cover how t
4 min read