14

I checked in (into github) some sensitive files by mistake. To remediate this, I followed the instructions here and ran the commands:

git filter-branch --force --index-filter "git rm --cached --ignore-unmatch settings.json" --prune-empty --tag-name-filter cat -- --all
echo "settings.json" >> .gitignore
git add .gitignore
git commit -m "Add settings.json to .gitignore"
git push origin --force --all
git push origin --force --tags
git for-each-ref --format="delete %(refname)" refs/original | git update-ref --stdin
git reflog expire --expire=now --all
git gc --prune=now

I can however go to my commit history to see the deleted file.

To fix this issue, how can I delete the file from github commit history?

enter image description here

enter image description here

Improve this question
4
  • You have another problem: Since you already pushed the branch with the sensitive material, in between then and now, someone else may have already pulled it. So, if you get an answer here you should also realize that the cat is already out of the bag in some ways. Commented Jan 14, 2020 at 5:09
  • 1
    Note that even after you get some commits removed, GitHub will still grant people access to the removed commits as long as they know the hash ID and it has not yet been "too long". It is up to GitHub how long "too long" is: eventually removed commits won't be accessible by hash ID. Commented Jan 14, 2020 at 5:27
  • @TimBiegeleisen, the repository is a private repository, only I am using the repo. Commented Jan 14, 2020 at 5:39
  • 1
    @AjitGoel Fair enough, then Von's answer below may completely get you out of the mess. Commented Jan 14, 2020 at 5:39

1 Answer 1

Reset to default
14

Try instead to use the best practice is to use the new tool git filter-repo which replaces BFG and git filter-branch.

Note: if you get the following error message when running the above-mentioned commands: 

Error: need a version of `git` whose `diff-tree` command has the `--combined-all-paths` option`

it means you have to update git.

See "Path based filtering":

git filter-repo --path settings.json --invert-paths

Then git push --force

No need for all those repack/gc/prune at the end: the tool does the cleanup for you.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Thank you @VonC, I will try and let you know. i had tried BFG previously but i could not get it to work.
@AjitGoel Yes, filter-repo should be easier than BFG or filter-branch..
i am getting a "/usr/bin/env: 'python3': Permission denied" error. I am using windows 10.
@AjitGoel See stackoverflow.com/q/56974927/6309 or stackoverflow.com/a/56603544/6309

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.