Removing an accidentally pushed gem

Here are the steps you should follow when you have accidentally pushed a gem with passwords or other private content.

  1. Yank the gem using gem yank which will prevent installs using gem install. The gem will NOT be downloadable using the download link on

  2. If the gem contained passwords, or private keys immediately change them. Due to webhooks on your gem has already been downloaded by third parties.

  3. Add the allowed_push_host metadata to your gemspec so future gems cannot be pushed to by mistake.

Recent Discussions

13 Mar, 2019 02:54 PM
05 Mar, 2019 04:42 PM
02 Mar, 2019 10:55 AM
28 Feb, 2019 08:51 PM
28 Feb, 2019 05:39 AM