If you want to protect your private email in a commit from being exposed, GitHub has provided a way to do that. GitHub supports an no-reply email address that can be specially used as your commit email address.
To use the
noreply email, you need to set up both in the GitHub and in your local Git.
GitHub: Setting your commit email address provides a step-by-step instructions how to do that. It’s simple.
GitHub > Settings > Emails > Check
Keep my email addresses private and
Block command line pushes that wxpose my email option in the bottom of the page, then it display the
noreply email as below:
:ballot_box_with_check: Keep my email addresses private
We’ll remove your public profile email and use xxxxxxx+[username]@users.noreply.github.com when performing web-based Git operations (e.g. edits and merges) and sending email on your behalf. If you want command line Git operations to use your private email you must set your email in Git.
:ballot_box_with_check: Block command line pushes that expose my email
If you push commits that use a private email as your author email we will block the push and warn you about exposing your private email.
Local Git setting
Run below command to configure your commit email with the
$ git config --global user.email xxxxxxx+[username]@users.noreply.github.com
For commits you made prior to changing your commit email address are still associated with your previous email address. That means the commit email in those commit are not protected.
In fact, Git does not check whether the email is a valid one or not. Of course you can use a fake one, but
noreplyemail is a better choice, it clearly indicates that.