Removed sensitive file from GitHub history, but I can still access it

Question

I have accidentially commited file with sensitve data and wanted to get rid of it from current GitHub repo state and from the entire history. To make sure, that process is completed, I have opened a new tab in my browser, with URL pointing to some early stage of that file in repository history.

I went through "Remove sensitive data" article in GitHub Help, I read through Darhuuk's answer, as good as many others here and still for nothing -- file is clearly removed from my local repository and its GitHub remote counterpart, but when I refresh that other tab, I can cleary see that file and its sensitve content.

What am I missing, or what should I do next?

Answer 1

I had to contact GitHub Support. They ran git gc on their side to complete this procedure.

Since I don't have any collaborators to my repository yet, and since I'm not using tags, I have eliminated steps, that in my opinion was irrelevant. Aside of them I did:

1. Emptying repository out of sensitive.file file:

   git filter-branch --force --index-filter \
   "git rm --cached --ignore-unmatch sensitive.file" \
   --prune-empty --tag-name-filter cat -- --all
   

2. Forcing changes to GitHub:

   git push origin --force --all
   

3. Purging locally cached changes:

   git for-each-ref --format='delete %(refname)' refs/original | git update-ref --stdin
   git reflog expire --expire=now --all
   git gc --prune=now
   

After that, git reported me, that there is nothing to commit (git status) and that my local repository is up-to-date with remote one (git pull + git push). But, I still could access that file, using URL, I had open in one of tabs, that was leading to one of its early copies in GitHub.

Refreshing page didn't bring any change. File was clearly there.

I contacted GitHub support and got reply withing five minutes (!). They had to run git garbage collector (git gc) on their side, to finish this process. Finally, after that, mentioned link started to show 404.