Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I properly remove sensitive data pushed to a Git repo?

Tags:

git

github

I pushed a file containing a password to my repo by mistake - FYI the repo is just a small personal project.

Once I realised the password was present I added the file to .gitignore and executed git rm -r --cached <filename>, committed and pushed to the repo.

I now realise the password is still present in the history - what is the best way to remove it?

I read the Remove sensitive data page on Github which suggests changing the password - which I have done - but I would like to remove the history as well.

like image 454
NRKirby Avatar asked Apr 20 '15 07:04

NRKirby

People also ask

How do I remove sensitive information from git history?

If you commit sensitive data, such as a password or SSH key into a Git repository, you can remove it from the history. To entirely remove unwanted files from a repository's history you can use either the git filter-repo tool or the BFG Repo-Cleaner open source tool.

How do I remove data from a git repository?

The easiest way to delete a file in your Git repository is to execute the “git rm” command and to specify the file to be deleted. Note that by using the “git rm” command, the file will also be deleted from the filesystem.

How do I remove contents from my github repository?

In git, you can't delete the content of a branch. All you can do is to push a commit that removes all your files. If you want to start over from a clean repository, you have to delete the current one a create a new one with the same name for example.

1 Answers

Since you have already made 5 commits since the commit containing the clear text password, you best bet is to do a git rebase -i in interactive mode on your local branch. Find the SHA-1 of the commit where you added the clear text password, and type the following:

git rebase --interactive dba507c^

where dba507c are the first 7 characters of the SHA-1 for the bad commit.

Change this:

pick dba507c comment for commit containing clear text password

To this:

edit dba507c I have removed the clear text password

Make the change to the password file to remove the clear text, then commit your result like this:

git commit --all --amend --no-edit git rebase --continue

Finish the rebase, then push your (correct) local branch to the remote via:

git push -f origin your_branch

You will need to force push your_branch because you have rewritten history (by modifying the password file). Now you have all your latest commits, but you have removed the clear text.

like image 105
Tim Biegeleisen Avatar answered Sep 26 '22 13:09

Tim Biegeleisen
Sign in to Comment

Related questions

Gettext .po files under version control
Git: Checkout only files without repository?
How to make git stash include new files that have not been staged?
Can I commit only parts of my code using SVN or Mercurial?
git stash and pop shows file no longer marked as moved?
The file “Pods.xcconfig” couldn’t be opened because there is no such file
VSTS - prevent push to master but allow PR merge
git gui: how to clone and push?
git: moving branch head
Add new commit to the existing Git tag
Opposite of git branch --set-upstream
How to get complete git commit hash from short hash? [duplicate]
Can't push git, visual studio. Git failed with a fatal error. fatal: HttpRequestException encountered
Adding self-signed SSL certificate without disabling authority-signed ones
Git apply patch fails silently (no errors but nothing happens)
Track file inside ignored directory
Changing Git remote URL updates fetch but not push
'git init -b <branch name>' command in terminal is throwing an 'unknown switch' error
Git - easiest way to see diff with previous version if I have the sha
Setting different config for different repositories [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!