Open In App

How to Protect Your Private Email Addresses in Git & Github?

Improve
Improve
Improve
Like Article
Like
Save Article
Save
Share
Report issue
Report

If you are using git and any code hosting platform like Github, Bitbucket, Gitlab, etc. to upload/commit your code, then you might be exposing your private email addresses publicly. This article focuses on how exactly your private email addresses are being exposed and what you can do to protect them!

Git CLI setup:

While setting up git for the first time, you must have used these commands to set your email address and user name:

git config --global user.email <your-email>
git config --global user.name <your-name>

You could use any email address. But, you must have used an email address that is connected with your GitHub account.

The email address linked with Github ensures that commits are attributed to you and appear in your contributions graph.

Git commits expose your email:

Now that you have set up the Git CLI, you must have committed your code and pushed it to a public repository, all the git commits will have the following information:

  • Commit Hash
  • Author name <Email Address>
  • Date and time
  • Commit Message

Git Commits exposing private email addresses

Even though the Web interface of Github doesn’t show the private email address, one can clone the public repository and run git log to view the commit history and there your private email addresses are exposed!

To get all the emails from git log, you can use this one-liner (in Linux / Git Bash):

STEPS:

  1. Clone the Github repository 
  2. cd into the cloned repository
  3. Run the one-liner:
git log | grep Author | cut -d ":" -f2 | sort -u | awk '{print $NF}' | sed -r 's/<// ; s/>//'

How to Protect?

To protect the private email addresses from being exposed in your commits, you must configure Github settings as well as Git CLI.

1. Github Settings:

Github provides two options to protect your private email addresses from being exposed. Go to Your Profile -> Emails and enable these options:

  1. Keep my email addresses private.
  2. Block command line pushes that expose my email.

Github Settings

Note: The above options may differ in Bitbucket, Gitlab and other code hosting platforms.

2. Changes in Git CLI:

By enabling the second option in Github settings, any further commit which contains your private email address will be blocked. Now you have to configure the Git CLI to not include your private email address.

  • You can use any random email id like email@example.com. But the problem is that your commits won’t be attributed to you!
  • Alternatively, Github provides a dummy email id (highlighted in the previous image), which ensures that commits are attributed to you and appear in your contributions graph.

Any commits you made prior to changing your commit email address are still associated with your previous email address. You must delete your whole commit history to get rid of that email address.

Change the email address using the git command:

git config --global user.email <dummy-github-email>

Last Updated : 09 Sep, 2021
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads