I pushed a file containing a password to my repo by mistake - FYI the repo is just a small personal project.
Once I realised the password was present I added the file to .gitignore and executed git rm -r --cached <filename>, committed and pushed to the repo.
I now realise the password is still present in the history - what is the best way to remove it?
I read the Remove sensitive data page on GitHub which suggests changing the password - which I have done - but I would like to remove the history as well.
If you commit sensitive data, such as a password or SSH key into a Git repository, you can remove it from the history. To entirely remove unwanted files from a repository's history you can use either the git filter-repo tool or the BFG Repo-Cleaner open source tool.
The easiest way to delete a file in your Git repository is to execute the “git rm” command and to specify the file to be deleted. Note that by using the “git rm” command, the file will also be deleted from the filesystem.
In git, you can't delete the content of a branch. All you can do is to push a commit that removes all your files. If you want to start over from a clean repository, you have to delete the current one and create a new one with the same name for example.
Since you have already made 5 commits since the commit containing the clear text password, your best bet is to do a git rebase -i in interactive mode on your local branch. Find the SHA-1 of the commit where you added the clear text password, and type the following:
git rebase --interactive dba507c^
where dba507c are the first 7 characters of the SHA-1 for the bad commit.
Change this:
pick dba507c comment for commit containing clear text password
To this:
edit dba507c I have removed the clear text password
Make the change to the password file to remove the clear text, then commit your result like this:
git commit --all --amend --no-edit
git rebase --continue
Finish the rebase, then push your (correct) local branch to the remote via:
git push -f origin your_branch
You will need to force push your_branch because you have rewritten history (by modifying the password file). Now you have all your latest commits, but you have removed the clear text.
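The rebase procedure above, run end to end on a throwaway repository, with a check the answer leaves implicit: after the rewrite no ref reaches the password, but the old blob stays in the local object store until the reflog is expired and the repository is garbage-collected. This is an added example, not part of the original answer; the repository contents, the secret and the helper function names are constructed, and it assumes git and GNU sed are installed.

```shell
#!/bin/sh
# Added example. The repo, file names and secret below are constructed for the demo.
SECRET='constructed-demo-secret'
g() { repo=$1; shift; GIT_EDITOR=true git -C "$repo" -c commit.gpgsign=false \
      -c user.name=demo -c user.email=demo@example.invalid "$@"; }

build_repo() {  # three commits; the second one adds the clear text password
    r=$(mktemp -d)
    { g "$r" init -q
      echo v1 > "$r/README"; g "$r" add README; g "$r" commit -qm 'initial'
      echo "password=$SECRET" > "$r/config.ini"
      g "$r" add config.ini; g "$r" commit -qm 'add config'
      echo v2 >> "$r/README"; g "$r" commit -qam 'later work'
    } >/dev/null 2>&1
    echo "$r"
}
scrub_history() {  # the rebase steps above; GNU sed edits the todo list non-interactively
    bad=$(g "$1" log --format=%H -S"$SECRET" | tail -n 1)
    { g "$1" -c sequence.editor="sed -i -e '1s/^pick/edit/'" rebase -i "$bad^"
      echo 'password=' > "$1/config.ini"   # remove the clear text
      g "$1" commit --all --amend --no-edit
      g "$1" rebase --continue
    } >/dev/null 2>&1
}
purge_unreachable() {  # drop the old commits kept only by ORIG_HEAD and the reflog
    g "$1" update-ref -d ORIG_HEAD 2>/dev/null || :
    g "$1" reflog expire --expire=now --all
    g "$1" gc -q --prune=now
}

reachable_hits() {  # commits reachable from any ref whose tree contains the secret
    n=0
    for c in $(g "$1" rev-list --all); do
        if g "$1" grep -q -F -e "$SECRET" "$c"; then n=$((n + 1)); fi
    done
    echo "$n"
}
object_hits() {  # blobs anywhere in the object store, reachable or not
    n=0
    for o in $(g "$1" cat-file --batch-all-objects --batch-check | awk '$2 == "blob" {print $1}'); do
        if g "$1" cat-file -p "$o" | grep -q -F -e "$SECRET"; then n=$((n + 1)); fi
    done
    echo "$n"
}

demo() {  # prints: reachable before, reachable after, blobs after rebase, blobs after gc
    d=$(build_repo); r1=$(reachable_hits "$d"); scrub_history "$d"
    r2=$(reachable_hits "$d"); o1=$(object_hits "$d"); purge_unreachable "$d"
    o2=$(object_hits "$d"); rm -rf "$d"; echo "$r1 $r2 $o1 $o2"
}
demo
```

purge_unreachable only cleans the local clone; the remote and any other clones keep the old objects until they are garbage-collected there.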