Reputation: 19098
Mercurial: Permanently remove sensitive data from HG repo?
I know that in Mercurial, "history is sacred".
But let's say someone accidentally commits something they shouldn't, like a settings file containing a password or something. Let's even say some time passes before anyone realizes it, so its been hanging around for several commits. Obviously, the discoverer then removes the sensitive data from the repository.
Is there any way to permanently scrub that file or the sensitive data from the commit history, as though it never existed? Or would that sensitive data just be a permanent part of the repo forever and ever?
Upvotes: 8
Views: 1216
Answers (4)
Reputation: 20852
If, and only if, this repository hasn't escaped into the wild, you can remove a file from history by essentially cloning to a new repository while filtering the sensitive file in the process, using hg convert Hg Convert Extension doc here
Commonly, we find something when we audit the repository prior to publishing or delivering to a client, such as a web.config or ini file with a password.
The extension isn't enabled by default, but is included with all clients I use, you need to enable it before Mercurial will recognize the convert command.
If using Tortoise Hg or Kiln, for example:
- Open Tortoise Hg -> Global Settings -> Extensions
- Check the box beside "Convert"
- Click Ok
Or edit Mercurial.ini directly:
[extensions]
convert =
Go to the directory above your repository (in my example, my repos is HelloApp):
Create a file named filemap.txt
Add a line with the full path to the filename you want to exclude.
exclude HelloApp/sensitive.configOpen a command prompt, cd to the same directory, containing your filemap.txt, and run the hg convert
cd C:\projects hg convert --filemap filemap.txt HelloApp HelloApp_cleanThen get latest working copy:
cd HelloApp_clean hg update
You will need to create a fresh clone on your server with your clean copy.
Upvotes: 2
Reputation: 40319
No. Not really. If you can convince everyone who had access to delete and reclone, you can remove the file from future access.
But if you, e.g., pushed your root password to a public Bitbucket repo - ? You should change it. Your information is now public and leaked and should be considered as such. Sorry.
Upvotes: 1
Reputation: 462
I haven't investigated the details of how hooks work so this idea may not fully play out. It may be possible to set up hooks to disallow the committing, pushing and pulling of your sensitive files. There are hooks that will run before committing or pushing (precommit and preoutgoing). Protecting the hooks so they are not circumvented is another issue that Mercurial: The Definitive Guide also discusses.
Upvotes: 1
Reputation: 56068
There are a few methods to accomplish this. All of them require the cooperation of everybody who has cloned your repository or pulled changesets from it after the change was introduced.
Which method to use depends on the exact nature of the committed data and where it is in the history. All of them require the use of Mercurial extensions and cannot be accomplished with core Mercurial. Luckily, all the required extensions are shipped by default with Mercurial and simply have to be enabled.
I'm not going into detail about the methods here as there are several answers that give different methods in the question this is a dupe of. I just want to be clear that the accepted answer in that question is technically correct, but not useful. It is actually possible.
Upvotes: 2
Related Questions
- hg remove directory from repo?
- How to remove user sensitive data from Github
- What is the correct way to remove files from hg repo after stripping?
- cleaning out a Mercurial Repository
- Reverse "hg update --clean"
- Remove some files from past commits in Hg
- Remove files from HG Outgoing
- How to clean confidential data in mercurial changesets?
- How to keep a file private to a Mercurial repository?
- Wiping a sensitive file from a mercurial repository