0

Let's say I have accidentally pushed some secret, like a password, to a git repo. So, commit and push origin master. How can I completely delete it from the history. I have read many answers about this and the most logic one seems to be git rebase after which it says Successful but nothing changes..

>git log
commit 48fe584bf7b6b88a68cd4495c0b4c8c562c47dd1 (HEAD -> master, origin/master, origin/HEAD)
Author: me
Date:   Wed Nov 25 17:32:20 2020 +0100

    u

commit 168ee00260a704c2d20f8c70e52cb8db3ee2057b
Author: me
Date:   Wed Nov 25 17:19:27 2020 +0100

    yy

commit a19d7856ad600c0dd3cf5c512e7cb8336a1573cf
Author: me
Date:   Tue Nov 24 16:00:48 2020 +0100

    iii


> git rebase -i a19d7856ad600c0dd3cf5c512e7cb8336a1573cf
Successfully rebased and updated refs/heads/master.

after which git log shows exactly the same...

Niels
  • 537
  • 5
  • 22
  • 1
    Do you mean `git reset --hard a19d7856`? – choroba Nov 25 '20 at 17:24
  • I thought that at first but then you get this Your branch is behind 'origin/master' by 2 commits, and can be fast-forwarded. (use "git pull" to update your local branch) – Niels Nov 25 '20 at 17:25
  • I guess I should get in a state in which I push something, right, pulling now will just reset my reset, so to speak... – Niels Nov 25 '20 at 17:26
  • But doing push -f does the trick – Niels Nov 25 '20 at 17:28
  • As mentioned by @choroba, `git reset --hard SHA1_of_the_last_good_commit` seems the way to go, then: `git push --force-with-lease origin master` (obvious disclaimer: this latter command is a destructive action!) – ErikMD Nov 25 '20 at 17:28
  • Alright, this works indeed. I have missed something before. The answer metioned by @Christoph works as well. What is the modus operandi here, should I delete my question? – Niels Nov 25 '20 at 17:30
  • 1
    https://stackoverflow.com/search?q=%5Bgit%5D+remove+sensitive+data – phd Nov 25 '20 at 17:30
  • 1
    Esp. see this answer: https://stackoverflow.com/a/32840254/7976758 – phd Nov 25 '20 at 17:31
  • The commits are still there, not connected but checkout'able... – Niels Nov 25 '20 at 17:49

1 Answers1

0

You need to use git rebase -i for interactive mode. There you can drop the faulty commit from the list which will give you a rewritten history without that commit.

Then you need to force-push that new history to the remote repository.

But be aware that this can not force an overwrite of the local repositories other users might have and may already have pulled your secret commit. Therefore you should consider these credentials as compromised and change them!

acran
  • 7,070
  • 1
  • 18
  • 35