Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I properly remove sensitive data pushed to a Git repo?

Tags:

git

github

I pushed a file containing a password to my repo by mistake - FYI the repo is just a small personal project.

Once I realised the password was present I added the file to .gitignore and executed git rm -r --cached <filename>, committed and pushed to the repo.

I now realise the password is still present in the history - what is the best way to remove it?

I read the Remove sensitive data page on Github which suggests changing the password - which I have done - but I would like to remove the history as well.

like image 454
NRKirby Avatar asked Apr 20 '15 07:04

NRKirby


People also ask

How do I remove sensitive information from git history?

If you commit sensitive data, such as a password or SSH key into a Git repository, you can remove it from the history. To entirely remove unwanted files from a repository's history you can use either the git filter-repo tool or the BFG Repo-Cleaner open source tool.

How do I remove data from a git repository?

The easiest way to delete a file in your Git repository is to execute the “git rm” command and to specify the file to be deleted. Note that by using the “git rm” command, the file will also be deleted from the filesystem.

How do I remove contents from my github repository?

In git, you can't delete the content of a branch. All you can do is to push a commit that removes all your files. If you want to start over from a clean repository, you have to delete the current one a create a new one with the same name for example.


1 Answers

Since you have already made 5 commits since the commit containing the clear text password, you best bet is to do a git rebase -i in interactive mode on your local branch. Find the SHA-1 of the commit where you added the clear text password, and type the following:

git rebase --interactive dba507c^ 

where dba507c are the first 7 characters of the SHA-1 for the bad commit.

Change this:

pick dba507c comment for commit containing clear text password 

To this:

edit dba507c I have removed the clear text password 

Make the change to the password file to remove the clear text, then commit your result like this:

git commit --all --amend --no-edit git rebase --continue 

Finish the rebase, then push your (correct) local branch to the remote via:

git push -f origin your_branch 

You will need to force push your_branch because you have rewritten history (by modifying the password file). Now you have all your latest commits, but you have removed the clear text.

like image 105
Tim Biegeleisen Avatar answered Sep 26 '22 13:09

Tim Biegeleisen