Reputation: 1634
How do I properly remove sensitive data pushed to a Git repo?
I pushed a file containing a password to my repo by mistake - FYI the repo is just a small personal project.
Once I realised the password was present I added the file to .gitignore and executed git rm -r --cached <filename>, committed and pushed to the repo.
I now realise the password is still present in the history - what is the best way to remove it?
I read the Remove sensitive data page on Github which suggests changing the password - which I have done - but I would like to remove the history as well.
Upvotes: 44
Views: 20871
Answers (3)
Reputation: 1005
You can use git reset --soft in your branch to undo that last commit.
Then remove the creds from the respective files.
And do the command sequence git add <updated-file>, git commit, and git push -f.
E.g:
git checkout <branch-name>
git reset --soft HEAD~1
git add <updated-file>
git commit -m "commit message"
git push -f origin <branch-name>
Upvotes: 0
Reputation: 522751
Since you have already made 5 commits since the commit containing the clear text password, you best bet is to do a git rebase -i in interactive mode on your local branch. Find the SHA-1 of the commit where you added the clear text password, and type the following:
git rebase --interactive dba507c^
where dba507c are the first 7 characters of the SHA-1 for the bad commit.
Change this:
pick dba507c comment for commit containing clear text password
To this:
edit dba507c I have removed the clear text password
Make the change to the password file to remove the clear text, then commit your result like this:
git commit --all --amend --no-edit
git rebase --continue
Finish the rebase, then push your (correct) local branch to the remote via:
git push -f origin your_branch
You will need to force push your_branch because you have rewritten history (by modifying the password file). Now you have all your latest commits, but you have removed the clear text.
Upvotes: 70
Reputation: 158250
If it was the previous commmit, then remove the password from the file and run
git add file_with_pwd
git commit --amend
git push -f origin master
Note: Once you posted that here on Stackoverflow, many guys may have already cloned the repo (you have the same username on github and just one repository). Change the password!
Upvotes: 20
Related Questions
- How do you handle sensitive data in a public git repo?
- How to remove user sensitive data from Github
- How to completely remove sensitive commits from GitHub?
- Deleting Sensitive Data After Push
- Removing sensitive info from all Git commits
- Sensitive data not being removed
- Clearing sensitive information when running "git commit"
- Could not remove sensitive data
- Getting rid of some sensitive data in a git repo
- How do I verify removal of sensitive data from a git repository?