
Purge history for a pushed confidential data in remote origin?

Tags: git

A while ago, we've pushed some app.settings files containing sensitive data such as connection strings.

That was a long time ago, and since then we've removed it (by pushing new versions which don't contain the sensitive data).

However, if someone tries to see app.settings's history, he will see the connection strings.

Question

How can I make the passwords not be there even with a history lookup? Also, I don't want to see that the connection strings have been removed compared to the one commit after.

Clarification: I don't want to remove the file, only a few lines.

Visualization:

2017 - commit - connectionstring=***,***
2018 - commit - removed connectionstring=***,***
2019 - history of commits, I will see the sensitive data.

I want to delete 2017's sensitive lines and I don't want to see that 2018 now has a few lines less (the sensitive data will be displayed in the diff, imho).

Royi Namir asked Jul 20 '19 07:07


People also ask

How do I remove sensitive data from git history?

If you commit sensitive data, such as a password or SSH key into a Git repository, you can remove it from the history. To entirely remove unwanted files from a repository's history you can use either the git filter-repo tool or the BFG Repo-Cleaner open source tool.

How do I permanently delete a commit in git?

To remove the last commit from git, you can simply run git reset --hard HEAD^. If you are removing multiple commits from the top, you can run git reset --hard HEAD~2 to remove the last two commits. You can increase the number to remove even more commits.


1 Answer

This is a classic case described in the GitHub help page "Removing sensitive data from a repository".
As commented, it will involve rewriting, and then force pushing the entire history of the Git repository.

But considering the distributed nature of Git, others might already have cloned the (old version of) your repository.

Which means the main advice is: first and foremost, change your connection credentials now.
Make sure that old versioned sensitive data is no longer sensitive.

Then you can worry about cleaning up the history of your repository.

VonC answered Oct 16 '22 20:10
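
The history rewrite discussed above, as an added example that is not part of the original question or answer: it deletes only the matching lines from app.settings in every commit, so the later commit no longer shows them being removed. It uses stock `git filter-branch` instead of the git filter-repo or BFG tools named on this page so that it runs with plain git; the repository, the secret value and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed repo and constructed secret, stock git only.
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# Build the question's 2017/2018 timeline in directory $1 (constructed data).
make_demo_repo() (
  git init -q "$1" && cd "$1" || exit 1
  printf 'name=demo\nconnectionstring=Server=db;Password=CONSTRUCTED\n' > app.settings
  git add app.settings && git commit -q -m '2017: add settings' || exit 1
  printf 'name=demo\ntimeout=30\n' > app.settings
  git commit -q -a -m '2018: removed connectionstring'
)

# Count commits on any ref whose diff of file $2 adds or removes a line matching $3.
leaky_commits() (
  cd "$1" && git log --all --format=%H -G"$3" -- "$2" | wc -l | tr -d ' '
)

# Delete lines matching regex $3 from file $2 in every commit of repo $1.
purge_lines() (
  cd "$1" || exit 1
  export PURGE_FILE="$2" PURGE_PAT="$3" FILTER_BRANCH_SQUELCH_WARNING=1
  git filter-branch -f --tree-filter '
    if [ -f "$PURGE_FILE" ]; then
      sed "/$PURGE_PAT/d" "$PURGE_FILE" > "$PURGE_FILE.tmp" &&
        mv "$PURGE_FILE.tmp" "$PURGE_FILE"
    fi' -- --all >/dev/null 2>&1 || exit 1
  # filter-branch keeps the old commits under refs/original and in the reflog;
  # drop both so the secret also leaves this clone's object store.
  git for-each-ref --format='%(refname)' refs/original |
    while read -r ref; do git update-ref -d "$ref"; done
  git reflog expire --expire=now --all && git gc -q --prune=now
)

demo=$(mktemp -d)
make_demo_repo "$demo/repo"
echo "commits exposing the secret before: $(leaky_commits "$demo/repo" app.settings 'connectionstring=')"
purge_lines "$demo/repo" app.settings 'connectionstring='
echo "commits exposing the secret after:  $(leaky_commits "$demo/repo" app.settings 'connectionstring=')"
```

On a real repository the rewritten branches still have to be force pushed, and every existing clone keeps the old commits, which is why the answer puts changing the credentials first.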