Deleting sensitive data from your git repository

Sometimes you just forget stuff and BAM! There is config file with database access in the remote repository.

How to get rid of the file itself and all of its history?

Let’s assume our file is called secrets.yaml.

1) git rm

git rm secrets.yaml

2) add the file to .gitignore

# .gitignore
# Ignore this file

3) commit

git commit -m "Removed sensitive file"

4) bfg

bfg is little program which removes unwanted data from repository through all history.

On osx, you can install it via `brew install bfg`.

Note: bfg does not support paths, only filenames. You can’t use foo/bar.yaml or any wildcard. Just the filename.

 bfg --delete-files secrets.yaml 

5) reflog

git reflog expire --expire=now --all && git gc --prune=now --aggressive

6) And: Ta-Dá

Push it to the limit remote and it’s done. I would also recommend changing all the passwords and keys which were visible for a while.

git push --force origin

More info:

Leave a Reply

Questions? Something to add? Let's discuss!

Simply @mention me on Twitter and start the discussion.