Reputation: 4649
Sensitive data not being removed
I have oauth information stored in a .js file on github, but it's not being removed when I try to purge it.
git filter-branch --force --index-filter "git rm --cached --ignore-unmatch config" --prune-empty --tag-name-filter cat -- --all
I'm on Windows 7 64-bit, with git version 1.9.5.msysgit.0.
After I did all this that github commit still exists on github. Can someone please help me and let me know what I'm doing wrong?
Problem solved: The file was named config.js, not config. Thanks
Edit:
Rewrite f8899b62eca2db6bee196e9096e50af54a11dce6 (13/27)rm 'config.js'
Rewrite 7d552dfff83f73680319339199b453fe2c68c486 (14/27)rm 'config.js'
Rewrite af45e665de54b5742c5b7a2abc42930bc3a495a7 (15/27)rm 'config.js'
Rewrite 43ed6fdd603bed538f938b4032327387b5ba678d (16/27)rm 'config.js'
error: duplicate parent 0e53d2d536c4804eb2dd085a6d0a9d9b004efa66 ignor
Rewrite e075498a66de25641d29f02f772f2a026aa2168d (17/27)rm 'config.js'
Rewrite 5312d1b1ae8e0f232daaa05aae630eb016cc417f (18/27)rm 'config.js'
Rewrite 55279be6bf144ea601525523b6262f5d20baebd2 (24/27)rm 'config.js'
Rewrite 3c4534f639742cb33ffb6f43ad1ca6d0df783b3f (25/27)rm 'config.js'
Rewrite ca4a556bdf8efb131786d0b7219098312d5edb0d (27/27)
Ref 'refs/heads/master' was rewritten
Ref 'refs/remotes/origin/master' was rewritten
WARNING: Ref 'refs/remotes/origin/master' is unchanged
Upvotes: 0
Views: 143
Answers (2)
Reputation: 136910
It is vital that you nullify the compromised OAuth information and generate new credentials. I recommend doing this even before you worry about cleaning up your history.
Unfortunately, there are bots that look for this kind of stuff:
- http://www.devfactor.net/2014/12/30/2375-amazon-mistake/
- http://wptavern.com/ryan-hellyers-aws-nightmare-leaked-access-keys-result-in-a-6000-bill-overnight
Your filter-branch command looks good¹. Once you get your history cleaned up locally, you'll need to force push to GitHub:
git push origin --force --all
The offending commits will remain on GitHub until git-gc is run on the server. You could wait for this to happen, or you could submit a support ticket asking for it to be run on your repository.
¹Make sure that the full filename, including extension, matches the ... "git rm --cached --ignore-unmatch config" ... part.
Upvotes: 1
Reputation: 51343
Did you remove the backup refs and the reflog entries before doing a git gc?
Check with
git rev-list --objects --all | grep config
if the file is deleted.
I also wrote a blog about deleting files from a git repository. You will find more information there Remove directories and files permanently from git.
I also published a gui tool on github that helps to delete files. More about this tool here: GitDirStat – a git maintenance gui. The actual release can be downloaded. It's pure java.
Upvotes: 0
Related Questions
- How do I properly remove sensitive data pushed to a Git repo?
- How to remove user sensitive data from Github
- How to completely remove sensitive commits from GitHub?
- Deleting Sensitive Data After Push
- Removing sensitive info from all Git commits
- Hide sensitive information from git changes
- Clearing sensitive information when running "git commit"
- Could not remove sensitive data
- Getting rid of some sensitive data in a git repo
- How do I verify removal of sensitive data from a git repository?