Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Purge history for a pushed confidential data in remote origin?

Tags:

git

A while ago, we've pushed some app.settings files containing sensitive data such as connection strings.

That was long time ago and since then we've removed (by pushing new versions) which don't contains the sensitive data.

However , If someone will try to see app.settings's history - he will see the connection strings.

Question

How can I make the passwords not to be there even with history lookup. Also- I don't want to see that connection strings has been removed compared the one commit after.

Clarification: I don't want to remove the file , only few lines.

Visualization:

2017 - commit - connectionstring=***,***
2018 - commit - removed connectionstring=***,***
2019 - histroy of commits , I will see the sensitive data.

I want to delete 2017's sensitive lines and I dont want to see that 2018 now has few lines less (the sensitive data , will be displayed in diff imho) .

like image 481
Royi Namir Avatar asked Jul 20 '19 07:07

Royi Namir

People also ask

How do I remove sensitive data from git history?

If you commit sensitive data, such as a password or SSH key into a Git repository, you can remove it from the history. To entirely remove unwanted files from a repository's history you can use either the git filter-repo tool or the BFG Repo-Cleaner open source tool.

How do I permanently delete a commit in git?

To remove the last commit from git, you can simply run git reset --hard HEAD^ If you are removing multiple commits from the top, you can run git reset --hard HEAD~2 to remove the last two commits. You can increase the number to remove even more commits.

1 Answers

This is a classic case described in GitHub help page "Removing sensitive data from a repository".
As commented, it will involve rewriting, and then force pushing the entire history of the Git repository.

But considering the distributed nature of Git, other might already have cloned the (old version of) your repository.

Which means the main advice is: first and foremost, change your connection credentials now.
Make sure that old versioned sensitive data is no longer sensitive.

Then you can worry about cleaning up the history of your repository.

like image 144
VonC Avatar answered Oct 16 '22 20:10

VonC
Sign in to Comment

Related questions

ASP NET Core: How to create wwwroot/lib on build
Git Clone : Unknown SSL protocol error in connection to github.com:443
Working with a remote repository in JGit
Jenkins Pipeline: How do I fetch (not pull) a different branch?
How to find the git object id of an object with a known hash
invalid credentials - LDAP access error in git community edition
Using Git with VS Code and Bash on Ubuntu on Windows (WSL)
Trigger a job by polling multiple GIT repos inside Jenkinsfile
Line endings with Git
User management system for WordPress, Node, GitLab and CLI [closed]
AWS Elastic Beanstalk failed to install Python package using requirements.txt Git Pip
Side effects on a periodic git fetch
How to make public only one file of a private git repository?
Git checkout fails with because local changes ... without local changes?
The output of git diff is not handled correctly in powershell
git compare two branches which contains some common commit with different hash
How do I handle a secret API Key when I push to GitHub so that my project is still functional when the repo is cloned?
git multiple credential helper
Login failed when trying to perform git push to Azure Devops
Passing environment variables from fastlane to Xcode build phase script

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!