Remote repositories don't really delete commits even after reset and force push #1
Description
An addition to the instructions could mention that if secrets are committed on accident to a remote repository, this cannot be completely undone with git reset, since the commits can still be accessed with their hash. See discussion in https://github.com/orgs/community/discussions/38607
To summarise: the file will not be accessible from the git tree on the remote, but is still found with its commit ID (for example the short version of the commit hash). This is still very difficult to access by chance from 16^8 possible short hashes, but it's still good to be aware that the commit is not really removed.