Yes! this has happened to most of us at least once in our career, especially when we are just starting. We accidentally commit sensitive data to GitHub. We forget to gitignore our config file containing database passwords or API keys or jwt secrets. And we immediately start to panic.
This happened to me a couple of days ago. I forgot to ignore my default JSON file that contained my database connection password and jwt secret. I had just gotten a feature to finally work and in the excitement, I immediately committed and pushed to GitHub. I only realized my error when I got a notification from GitGuardian that my latest commit contained secret keys.
If you find yourself in the same position, the first thing you do is change the visibility of the repo. So, if it's a public repo, make it private. This way, you're sure no one else sees the file while you're working on deleting it.
Next thing, if you aren't already in the project folder, cd into it on git bash or whatever terminal you are using. Let's assume my project folder is My-Project and I have a file named secretFile.json I want to delete.
cd My-Project
then run the following command. You have to include the path to the file and not just the file name.
git filter-branch --force --index-filter \
"git rm --cached --ignore-unmatch config/secretFile.json" \
--prune-empty --tag-name-filter cat -- --all
replacing config/secretFile.json with the path to the file you want to be removed. In my case, secretFile.json is inside of a folder named config.
Note: The command above deletes the file from your local repository too, so ensure you have copied the content to a notepad or whatever you use before running the command.
Then create and add your file to .gitignore so you don't accidentally push it to GitHub again. You can do that with
echo "name-of-your-file" >> .gitignore
git add .gitignore
git commit -m 'add file to .gitignore'
Once you are satisfied with your changes, you can then push them to GitHub
git push origin --force --all
And that's it! Your repo history is clean without any trace of your sensitive file.
Thanks for reading.
Top comments (7)
This is a great solution much better then rebase
The only little drawback is the time it takes
As much commit it have the longer the time it takes
Thanks for the nice comment. And yes, I suspect it could take a little time if the commit is way behind and you don’t discover sooner. Although, if you have GitGuardian connected, you get notified immediately the file gets pushed to GitHub and then, you can quickly remove it.
Very helpful post to resolve a problem we all get caught out by every once in a while!
Thanks Gil. 👍🏻
What will happen if your project ist no one-maintainer-code and some buddy already has this change checked out.
Will he get troubles if he pulls the current changes?
Not at all. Once they pull in the current changes, they have to rebase and not merge any branches created off of the old history. Cos a merge could potentially reintroduce the history you just filtered out
Some comments may only be visible to logged-in visitors. Sign in to view all comments.