1

I am trying to remove the password(s) from my Git repo history (I removed passwords from my Git repo long time back manually but not from history, and this time trying to clean throughout the history of my Git repo)

And for same, started with forking the main repo and went through and followed the steps - BFG Repo-Cleaner and tried to search on StackOverflow like this

Everything looks well with all the steps followed on local Git repo, and last is git push, but after that I don't see commits on my forked repo, though I see this message This branch is 853 commits ahead, 853 commits behind, and it gives option to create PR (as well as compare) and in this PR I see lot of diffs[like the new file which was created some time back, and still exists in the current version] which has nothing to do with the password I am trying to replace.

The Git version is 2.21.0

Biffen
  • 6,249
  • 6
  • 28
  • 36
lowLatency
  • 5,534
  • 12
  • 44
  • 70

2 Answers2

5

Instead of BFG, try the new git filter-repo, which will replace the old git filter-branch or BFG

Example:

To replace the text 'password' with 'p455w0rd':

git filter-repo --replace-text <(echo "password==>p455w0rd")

But the end result will be the same: a new commits history, not just for your current branch, but for all branches (where your password was found)
That means a git push --all --force, to override the history of the remote repository.

If the password was added only in the PR branch then removed, filter only that PR branch instead of everything, then rebase that new history on top of upstream/master

Before password removal:

        u--u--u     (upstream/master)
       /
x--x--x             (master)
       \
        pr--pr--pr  (pull-request branch)

After password removal, using --refs pr (replace 'pr' by the name of your pull-request branch: git filter-repo --replace-text <(echo "password==>p455w0rd") --refs pr)

        u--u--u     (upstream/master)
       /
x--x--X             (master)
      |\
      | pr'--pr'--pr'  (new pull-request branch)
       \
        pr--pr--pr  (old pull-request branch)

You need to rebase that new branch on top of upstream/master, assuming that upstream is the original repository to where you are making a PR.

git fetch upstream
git switch pr
git rebase upstream/master

Then the PR would only include your commits, not every commits since the beginning of time.

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Hey Von, I see your same answer on another similar question, but you mentioned it to be on 2.24(Q4 2019), but my git version is 2.21.0. Will it work for me? And will I get the same results, rewriting of the whole history, or will only remove the passwords (which I put/requested in first place to be replaced) – lowLatency Oct 20 '19 at 04:36
  • @Learner The tool is available now. Only Git 2.24 will mention it (and its role: to replace `git filter-branch`) – VonC Oct 20 '19 at 04:38
  • I am still seeing the same result with this `This branch is 853 commits ahead, 853 commits behind` on my forked repo, and no commits in the commit history. can you please help – lowLatency Oct 21 '19 at 00:13
  • @Learner This is expected: can you try and rewrite only your PR branch? (as I describe in my edited answer) Or was your password present before your PR branch? – VonC Oct 21 '19 at 07:14
1

You used BFG Repo-Cleaner to completely rewrite your git history. If you are sure this is what you want to do, you do not want to use a pull request to merge your branch with master. You want to force-push every branch back up to GitHub. This requires un-protecting all protected branches. (Master is usually protected). If this is not your own private repository, you will want to make sure everyone is okay with you doing this. Be very careful if this is what you are doing.

If you are certain you want to do this. These are the commands you will need:

git checkout <branch> #do this for every branch on your guthub repo
git push origin --force
David Sugar
  • 1,042
  • 6
  • 8
  • note: you can ignore my answer if the repo-cleaner ONLY changed commits on your private branch, and no commits on any other branch. But if any other branches were affected, you will need to do what I wrote for all branches affected. Even if your branch was the only one affected, you will need to force push it before creating the pull request. – David Sugar Oct 20 '19 at 02:51
  • My intent is to remove the passwords(I removed these across the master and other branches current/HEAD) from the repos(they exist in history only) on github (including master and other branch) - and after going through the internet found BFG (and have not explored git filter-branch). And before I do it, I am trying to do all of these steps successfully on the forked repo – lowLatency Oct 20 '19 at 04:33
  • If you are rewriting history, to remove the password from ALL previous commits, you will need to force push all branches after using BFG Repo-cleaner – David Sugar Oct 20 '19 at 12:14