Daniel Sobczak

Reputation: 73

How to completely remove sensitive commits from GitHub?

A few days ago I read an article about GitHub's privacy basics, and it says committers' emails are visible via a simple GitHub API request.

I set an email alias, but I want to change the email for past commits. I tried with this site and this alias for .gitconfig:

[alias]
  # Usage: git change-commits GIT_AUTHOR_EMAIL old@example.com new@example.com [extra filter-branch args]
  # Rewrites every commit whose variable $1 (e.g. GIT_AUTHOR_EMAIL) equals $2, setting it to $3.
  # Each line ends in a backslash so git config reads the alias as one value.
  change-commits = "!f() { VAR1=$1; VAR='$'$1; OLD=$2; NEW=$3; \
    echo \"Are you sure you want to replace $VAR $OLD => $NEW ? (Y/N)\"; \
    read OK; \
    if [ \"$OK\" = 'Y' ]; \
    then shift 3; \
    git filter-branch --env-filter \"if [ \\\"${VAR}\\\" = '$OLD' ]; \
    then export $VAR1='$NEW'; echo 'to $NEW'; fi\" $@; fi; }; f"

After those steps, when I type git log every commit has the new email, but after the API call https://api.github.com/users/(username)/events/public I see both the old and the new email.

Upvotes: 3

Views: 2516

Answers (2)

Justin Besteman

Reputation: 398

I would use git bfg for this.

Works really well and is easy to use as well. It will completely remove what you need removed from the git history.

Git BFG Docs

Upvotes: 1

kelvin

Reputation: 1614

As commented, you cannot really "change" a commit, only create a new one with the same or similar data. So when you do a git filter-branch, git rebase or any other form of amend, you are still creating new commits.

And when running git push -f, the only difference is that the remote branch reference is force-updated; it still sends new commits and what is to be done with the old commits (if anything) is up to the remote repository.

In the case of GitHub, it does not immediately remove those old commits from the repository when you do a forced push.

From the official GitHub Help:

Warning: Once you have pushed a commit to GitHub, you should consider any data it contains to be compromised. If you committed a password, change it! If you committed a key, generate a new one.

This article tells you how to make commits with sensitive data unreachable from any branches or tags in your GitHub repository. However, it's important to note that those commits may still be accessible in any clones or forks of your repository, directly via their SHA-1 hashes in cached views on GitHub, and through any pull requests that reference them. You can't do anything about existing clones or forks of your repository, but you can permanently remove all of your repository's cached views and pull requests on GitHub by contacting GitHub Support.

So, to make the old commits stop appearing in the API in a reasonable time-frame, the only options are:

Warning: While the former option is faster, it will also delete the wiki, issues and comments.


Note: There is a more comprehensive explanation of the implications of dangling commits here:

https://stackoverflow.com/a/32840254/10095231

Upvotes: 5
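As an added, runnable illustration of the point made in the answer above (this script is not part of the question or of either answer): it rewrites author and committer emails with git filter-branch in a throwaway local repository, the same mechanism the question's alias uses, and then shows that the old commit is still retrievable by its SHA until the refs/original backup refs and the reflog are removed and unreachable objects are pruned. The email addresses and the repository contents are constructed sample values.

```shell
# Added example (not from the question or the answers): rewrite author/committer
# emails in a throwaway repo, then show the old commit survives by SHA until the
# backup refs and reflog are dropped and unreachable objects are pruned.
set -eu
OLD_EMAIL="old@example.com"                  # constructed sample values
NEW_EMAIL="alias@users.noreply.example.com"

# Create a temporary repository with one commit authored by OLD_EMAIL; prints its path.
make_repo() {
  repo=$(mktemp -d)
  git -C "$repo" init -q
  git -C "$repo" config user.name "Sample User"
  git -C "$repo" config user.email "$OLD_EMAIL"
  echo "hello" > "$repo/file.txt"
  git -C "$repo" add file.txt
  git -C "$repo" commit -q -m "initial commit"
  echo "$repo"
}

# Rewrite every commit like the question's alias does (author and committer email,
# no interactive prompt); prints the SHA that HEAD had before the rewrite.
rewrite_emails() {
  repo=$1
  old_sha=$(git -C "$repo" rev-parse HEAD)
  FILTER_BRANCH_SQUELCH_WARNING=1 git -C "$repo" filter-branch -f --env-filter "
    if [ \"\$GIT_AUTHOR_EMAIL\" = '$OLD_EMAIL' ]; then export GIT_AUTHOR_EMAIL='$NEW_EMAIL'; fi
    if [ \"\$GIT_COMMITTER_EMAIL\" = '$OLD_EMAIL' ]; then export GIT_COMMITTER_EMAIL='$NEW_EMAIL'; fi
  " -- --all >/dev/null 2>&1
  echo "$old_sha"
}

# Exit status 0 if the commit object with this SHA still exists in the object store.
commit_exists() {
  git -C "$1" cat-file -e "$2^{commit}" 2>/dev/null
}

# Number of commits reachable from HEAD that are still authored by OLD_EMAIL.
leaked_count() {
  git -C "$1" log --format=%ae | grep -Fxc "$OLD_EMAIL" || true
}

# Delete filter-branch's refs/original/* backups, expire reflogs, prune unreachable objects.
purge_old_commits() {
  repo=$1
  git -C "$repo" for-each-ref --format='delete %(refname)' refs/original/ |
    git -C "$repo" update-ref --stdin
  git -C "$repo" reflog expire --expire=now --all
  git -C "$repo" gc -q --prune=now
}
```

Until purge_old_commits runs, `git cat-file -e <old sha>` still succeeds even though `git log` shows only the new email; a remote that keeps dangling commits behaves the same way, which is why the old commits keep showing up in the events API.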
