How do I edit past git commits to remove my password from the commit logs?

Question

My problem: cygwin git doesn't seem to correctly prompt for credentials when using https:// URLs, so I used username and password in the URL. Unfortunately when I did a "get pull" it auto-commited a message with the full URL including password. I didn't notice this until after I had pushed the changes.

How do I edit old commit messages to eradicate the password in the URL?

My shared git repo is on my own server. I can do surgery on the repo if necessary.

Instructions on how to change my configuration (i.e. don't use Cygwin, don't use https) are unnecessary -- I'm trying to deal with what is already done.

Yes, I can and will burn the password but I'd still like to fix it.

Answer 1

To completely remove a file from a git repository and its history, use these commands.

# Check out the remote repo
git clone git://host/path/repo.git
cd repo

# Clobber the file in your checkout
git filter-branch --force --index-filter 'git rm --cached --ignore-unmatch file-to-purge.txt' --prune empty --tag-name-filter cat -- --all

# Make sure you don't accidentally commit the file again
echo file-to-purge.txt >> .gitignore
git add .gitignore
git commit -m "Prevent accidentally committing this again" .gitignore

# Push the edited repo. This will break other people's clones, if any.
git push origin master --force

For more information, remove sensitive data guide at GitHub will help you.