The commit history showed everything. Emails in plain text. Names tied to addresses that should never have been public. You need that gone—fast.
Git can mask email addresses in logs, but you must wire it into your process before the leak happens. If the damage is already done, you’ll need to rewrite history. That means targeting every commit where the author or committer email is exposed.
Start with git config --global user.email "hidden@example.com". This changes what’s logged going forward. No more real addresses in your commit metadata. Combine this with git config --global user.name "Hidden" if names are also sensitive.
For existing history, use git filter-repo or, if you’re working in an older setup, git filter-branch. With git filter-repo, run:
git filter-repo --replace-text email-replace.txt
Inside email-replace.txt, map each exposed address to a safe placeholder. Every commit is rewritten. Every reference is updated.
Masking isn’t just local. If the repository lives on GitHub, GitLab, or any other remote, you must force-push (git push --force) after rewriting. Anyone with a clone must also clean their history. If one copy remains unpatched, the exposure lives on.
Automate it. Hook a pre-commit or pre-push script that strips or replaces sensitive emails before they hit the repo. Add it to CI pipelines so masked data stays masked.
Logs tell stories. Make sure yours never reveal more than they should.
See how masking email addresses in Git logs works end-to-end with live, automated enforcement—get it running in minutes at hoop.dev.