How to Fix “Push Declined Due to Repository Rule Violations” on GitHub?

You’ve committed your code, typed git push, and boom – your push is rejected with a scary message like:

! [remote rejected] main -> main (push declined due to repository rule violations)

And then you see this part:

Push cannot contain secrets
— OpenAI API Key —

If this happened to you, don’t panic. GitHub isn’t punishing you, it’s actually protecting your project from accidentally leaking sensitive data. In this post, I’ll walk you through exactly what this error means and how to clean your commit history properly so you can push safely.

Why Did GitHub Reject My Push?

GitHub now has push protection for secrets like API keys. It scanned your commit history and found something that looks like an API key (in my case, an OpenAI key) somewhere in a past commit.

Even if your current code is clean, the key might still be in Git history.

Example Error:

remote: error: GH013: Repository rule violations found for refs/heads/main.
remote: - Push cannot contain secrets
remote: — OpenAI API Key —
remote: location: extension_1.js:167

How to Fix This (Step-by-Step)

1. Confirm the Secret Exists

Run this to scan your Git history:

git log -p | grep sk-

If you see anything like sk-abc123... or your API key, you’ve got a leaked key in there.

2. Remove the Secret Using git-filter-repo

If you’re on macOS:

brew install git-filter-repo

Then, run this (replace with your actual key):

git filter-repo --replace-text <(echo "sk-abc123xyz456==>[REDACTED]")

This scrubs the secret from every commit.

3. Re-add Your GitHub Remote

During this cleanup, git-filter-repo removes the remote link to GitHub. Add it back:

git remote add origin https://github.com/your-username/your-repo.git

Check that it worked:

git remote -v

4. Force Push the Cleaned Repo

git push -u origin main --force

GitHub will scan the new history, and if the key’s gone, the push will succeed.
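
A stricter version of the step 1 check, which can be run again after step 2 to confirm the rewritten history is clean before the force push. This is an added example, not code from the original post: the function names and the key pattern are assumptions, and the sample log is constructed.

```shell
#!/bin/sh
# Added example: scan `git log -p --all` output for key-shaped strings.
# scan_history_patch and sample_log are hypothetical names; the pattern ("sk-"
# plus 20 or more key characters) is an assumption, not GitHub's detection rule.

scan_history_patch() {
    awk '
        /^commit [0-9a-f]+/ { commit = substr($2, 1, 12); next }
        /^[+][+][+] /       { file = substr($0, 5); sub(/^b\//, "", file); next }
        /^[+]/ {            # added lines only: every leak enters history this way
            line = $0
            while (match(line, /sk-[A-Za-z0-9_-]+/)) {
                before = (RSTART > 1) ? substr(line, RSTART - 1, 1) : ""
                # Ignore words such as "task-runner" and strings too short to be keys.
                if (before !~ /[A-Za-z0-9]/ && RLENGTH >= 23) {
                    # Report a 6-character prefix only, so the output is safe to paste.
                    printf "%s %s %s...(%d chars)\n", commit, file, substr(line, RSTART, 6), RLENGTH
                    found = 1
                }
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { exit (found ? 1 : 0) }   # non-zero exit when anything was reported
    '
}

# Constructed sample: one commit adds a fake key, the next one removes it.
sample_log() {
    cat <<'EOF'
commit 1111111111111111111111111111111111111111
    add extension
diff --git a/extension_1.js b/extension_1.js
--- /dev/null
+++ b/extension_1.js
@@ -0,0 +1,2 @@
+const apiKey = "sk-CONSTRUCTEDexampleKEY0000000000";
+const label = "task-runner";
commit 2222222222222222222222222222222222222222
    read key from environment
diff --git a/extension_1.js b/extension_1.js
--- a/extension_1.js
+++ b/extension_1.js
@@ -1 +1 @@
-const apiKey = "sk-CONSTRUCTEDexampleKEY0000000000";
+const apiKey = process.env.OPENAI_API_KEY;
EOF
}

sample_log | scan_history_patch || echo "key-shaped strings remain in history"
```

Against a real repository, pipe `git log -p --all` into `scan_history_patch`. The sample shows why deleting the key in a later commit is not enough: the first commit is still reported.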

Best Practice: Use .env for API Keys

To avoid this issue in the future:

  • Add .env to your .gitignore
  • Store your API key there
  • Load it securely in code

Final Tip

If you’re working on a team, consider adding:

  • A .github folder with PR/issue templates
  • Branch protection rules (to avoid pushing to main)
  • A policy of never hardcoding secrets

Fixing this might feel intimidating at first, but now you’ve not only cleaned up the leak, you’ve also leveled up your Git workflow.
