Remove file from git repository history

Question

I checked in (into github) some sensitive files by mistake. To remediate this, I followed the instructions here and ran the commands:

git filter-branch --force --index-filter "git rm --cached --ignore-unmatch settings.json" --prune-empty --tag-name-filter cat -- --all
echo "settings.json" >> .gitignore
git add .gitignore
git commit -m "Add settings.json to .gitignore"
git push origin --force --all
git push origin --force --tags
git for-each-ref --format="delete %(refname)" refs/original | git update-ref --stdin
git reflog expire --expire=now --all
git gc --prune=now

I can however go to my commit history to see the deleted file.

To fix this issue, how can I delete the file from github commit history?

You have another problem: Since you already pushed the branch with the sensitive material, in between then and now, someone else may have already pulled it. So, if you get an answer here you should also realize that the cat is already out of the bag in some ways. — Tim Biegeleisen, Jan 14 '20 at 05:09
Note that even after you get some commits removed, GitHub will still grant people access to the removed commits as long as they know the hash ID and it has not yet been "too long". It is up to GitHub how long "too long" is: eventually removed commits *won't* be accessible by hash ID. — torek, Jan 14 '20 at 05:27
@TimBiegeleisen, the repository is a private repository, only I am using the repo. — Ajit Goel, Jan 14 '20 at 05:39
@AjitGoel Fair enough, then Von's answer below may completely get you out of the mess. — Tim Biegeleisen, Jan 14 '20 at 05:39

score 12 · Answer 1 · answered Jan 14 '20 at 05:08

12

Try instead to use the best practice is to use the new tool git filter-repo which replaces BFG and git filter-branch.

Note: if you get the following error message when running the above-mentioned commands:

Error: need a version of `git` whose `diff-tree` command has the `--combined-all-paths` option`

it means you have to update git.

See "Path based filtering":

git filter-repo --path settings.json --invert-paths

Then git push --force

No need for all those repack/gc/prune at the end: the tool does the cleanup for you.

answered Jan 14 '20 at 05:08

VonC

1,262,500
529
4,410
5,250

1

Thank you @VonC, I will try and let you know. i had tried BFG previously but i could not get it to work. – Ajit Goel Jan 14 '20 at 05:14
1

@AjitGoel Yes, filter-repo should be easier than BFG or filter-branch.. – VonC Jan 14 '20 at 05:15
i am getting a "/usr/bin/env: 'python3': Permission denied" error. I am using windows 10. – Ajit Goel Jan 14 '20 at 05:44
1

@AjitGoel See https://stackoverflow.com/q/56974927/6309 or https://stackoverflow.com/a/56603544/6309 – VonC Jan 14 '20 at 06:26

Remove file from git repository history

1 Answers1

Linked