Delete sensitive data from git

Caution: please use the below knowledge with caution — all the tools described below cannot be used with blind copy-pasting. Be aware of that — you have been warned (commands are not working). (But if you do have any funny/scary stories, please share in the comments).

One day, when working with your git-based project, you may accidentally save your personal logins, passwords or SSH keys to the repository. Of course, you can use git rm to remove the file, but the file will still be in the history.

Once a file with private data is in the repository, all data in it can be considered compromised, and immediate action must be taken (changing passwords, etc.). There is no way to trace if anyone has seen or downloaded these files.

Fortunately, there are tools that allow you to remove a file from a git repository completely. This article describes how to use the BFG Repo-Cleaner and git-filter-branch to completely remove a file from a git repository.

git-filter-branch

git-filter-branch the utility is part of git and does not require additional installation.

Suppose that we accidentally saved the .secret file in the repository, which stores the password for the database. The project is in active development and a test database is being used, but out of habit…