I've tried deleting the file from GitHub using a web browser and committing, but it's still showing my API keys. How can I completely remove the commit from the git repo?
- Esp. see this answer: https://stackoverflow.com/a/32840254/7976758 – phd Mar 21 '21 at 10:29
- https://stackoverflow.com/search?q=%5Bgithub%5D+remove+sensitive+data – phd Mar 21 '21 at 10:30
2 Answers
3
If I were you, I would assume that somebody might have already stolen my API keys, so I would change them for extra safety.
In order to remove the file from git, a useful tool is the BFG Repo-Cleaner.
- Download BFG from their official site.
- Open the terminal in the root folder of your repository.
- Execute the following command. This will delete your file that has sensitive data from the current and previous commits:
    bfg --delete-files PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA
- Add your file with sensitive data to .gitignore
- After checking that the sensitive data has been removed, force-push your changes to GitHub by running this command:
    git push --force

Arnold Gee
2
First, you should revoke those API keys. You have to assume that as soon as they became public, they were exposed, and you should rotate them immediately.
Once you do that, it may become less important to remove that data, but if you still want to do so, GitHub has documentation on how to do so. Note that once you've removed the objects from the history and pushed the rewritten history, you'll need to contact GitHub Support to remove the now-unreferenced objects because GitHub doesn't GC by default.

bk2204
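The first answer says to check that the sensitive data has been removed before force-pushing. One way to run that check, as an added example that is not part of either answer: the function names, `config.env` and the key string in the usage comment are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: confirm a file and a secret string are gone from every
# commit reachable from any local ref before running `git push --force`.

# path_in_history REPO PATH
# Exit 0 if any reachable commit added, changed or deleted PATH.
path_in_history() {
    [ -n "$(git -C "$1" log --all -n 1 --format=%H -- "$2")" ]
}

# secret_in_history REPO STRING
# Exit 0 and print the first commit whose tree contains the fixed STRING.
secret_in_history() {
    for rev in $(git -C "$1" rev-list --all); do
        if git -C "$1" grep -q -F -e "$2" "$rev" 2>/dev/null; then
            printf '%s\n' "$rev"
            return 0
        fi
    done
    return 1
}

# safe_to_push REPO PATH STRING
# Exit 0 only when neither the path nor the string is left in history.
safe_to_push() {
    if path_in_history "$1" "$2"; then
        echo "still in history: path $2" >&2
        return 1
    fi
    if hit=$(secret_in_history "$1" "$3"); then
        echo "still in history: secret found in commit $hit" >&2
        return 1
    fi
    return 0
}

# Usage (placeholder values):
#   sh check.sh . config.env 'CONSTRUCTED-EXAMPLE-KEY' && git push --force
if [ "$#" -eq 3 ]; then
    safe_to_push "$@"
fi
```

A repository where the file was only deleted in a later commit, as in the question, fails this check because the earlier commit still holds the file. The check covers only commits reachable from local refs; the unreferenced objects on GitHub that the second answer mentions are outside its reach.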