Protect Your Private Email Addresses
25 July 2021
If you are using git and any code hosting platform like Github, Bitbucket, etc. to upload/commit your code, then you might be leaking your private email addresses. This article focuses on how exactly the private email addresses are being leaked and what you can do to protect them!
Git CLI setup
While setting up git for the first time, you must have used these commands to set your email address and user name:
git config --global user.email <your-email>
git config --global user.name <your-name>
You can use any email address. But, you must have used an email address that is connected to your GitHub account.
The email address linked with Github ensures that commits are attributed to you and appear in your contributions graph.
Git commits leak your email
Now that you have setup the Git CLI, you must have committed your code and pushed it to a public repository, all the git commits will have the following information:
- Commit Hash
- Author name <Email Address>
- Date and time
- Commit Message
Even though the Web interface of Github doesn’t show the private email address, one can clone the public repository and run git log to view the commit history and there your private email addresses are leaked!
- To get all the emails from git log, you can use this one-liner (in Linux):
# STEPS:
# 1. Clone the github repository
# 2. cd into the cloned repository
# 3. Run the one-liner:
git log | grep Author | cut -d ":" -f2 | sort -u | awk '{print $NF}' | sed -r 's/<// ; s/>//'
How to Protect?
To protect the private email addresses from leaking in your commits, you must configure Github settings as well as Git CLI.
The past cannot be changed, edited or erased; it can only be accepted!
Random Git User😜
1. Github Settings
Github provides two options to protect your private email addresses from leaking. Go to Your Profile -> Emails and enable these options:
2. Changes in Git CLI
By enabling the second option in Github settings, any further commit which contains your private email address will be blocked! Now you have to configure the Git CLI to not include your private email address.
- You can use any random email id like email@example.com. But the problem is that, your commits won’t be attributed to you!
- Alternatively, Github provides a dummy email id (highlighted in the previous image), which ensures that commits are attributed to you and appear in your contributions graph.
Any commits you made prior to changing your commit email address are still associated with your previous email address. You must delete your whole commit history to get rid of that email address.
Change the email address using the git command:
git config --global user.email <dummy-github-email>