23

On a commit I accidentally included a password. How do I remove this commit from the repository?

The push went to github so It's important that the commit be removed completely from the history.

Antonio Petricca
  • 8,891
  • 5
  • 36
  • 74
SooDesuNe
  • 9,880
  • 10
  • 57
  • 91
  • 29
    Change your password. Now. – ircmaxell Feb 24 '11 at 01:19
  • password changed, it was for a local database file anyway. – SooDesuNe Feb 24 '11 at 01:32
  • Assume that everyone who can check out the repository already did. On a public repo, that means you should assume everyone on the internet now knows that password and that username that goes with it. – Kzqai Feb 24 '11 at 01:33
  • 2
    Give me the address of the repo, I will try to fix it... xD just kidding :) – Filip Spiridonov Sep 10 '12 at 06:58
  • 1
    Possible duplicate: [Remove sensitive files and their commits from Git history](https://stackoverflow.com/questions/872565/remove-sensitive-files-and-their-commits-from-git-history) – wjandrea Aug 27 '21 at 22:40

2 Answers2

3

You should do as follow:

git log --oneline -S <COMMIT_SEARCH_PATTERN>

# Copy the commit hash

git rebase - i <COMMIT_HASH>~1

# Change the marker to **drop**
# Exit from the editor

git rebase --continue
git push --force
Antonio Petricca
  • 8,891
  • 5
  • 36
  • 74
-3

To remove the password for future clones and fetches, I'd point you to git rebase, editing the commit and then doing a git push --force.

Of course - you have to change the password anyways.

Mr. Gung
  • 117
  • 1
  • 9
  • The damage has been done. It doesn't matter if you remove it *now*, the problem is that the password was compromised in the first place. Anyone that retrieved the password before you overwrote the commit still has it. – chepner Jul 30 '21 at 14:25
  • 1
    I assumed removing the password from the repo would obviously be for cosmetics. – Mr. Gung Jul 30 '21 at 14:45