2

I have the following situation with my git repository

Commit N: My latest commit (3 file changes)

Commit N-1: Some good commit (2 file changes)

Commit N-2: Some problematic commit (2 files changes, in one of them your password says hi to the world) .

.

.

.

Commit 1

So, all those commits are already pushed to the remote repository.

What I want to achieve:

Have everthing stay the same, but modify the remote commit n-2 in a way that i would modify one of the files and remove the area where the password is not revealed. Also, after the update, the password should not be visible in the commit history. But i dont wanna loose any of my current changes.

Ahmet Eroğlu
  • 594
  • 1
  • 7
  • 23
  • Officially speaking, since you already pushed the plain text password to GitHub, it could be in the hands of anyone on your team, and maybe anywhere in the world. You should change this password immediately. Then, maybe remove the commit which contained the password, just to not make it appear that you site has security holes all over the place. – Tim Biegeleisen Apr 06 '21 at 06:12
  • I've been long enough in the industry to think about changing the password! :) Thanks for the incredible sight :) – Ahmet Eroğlu Apr 06 '21 at 06:13
  • You could do an interactive rebase in order to make that commit the latest, then reset --soft it and change it. Or you could revert it with git revert, then do a new commit fixing the error. In every case, you'll need to do a git push force (force with lease being safer). – Chris Neve Apr 06 '21 at 12:33

1 Answers1

1

The modern tool to use in that case would be git filter-repo, which will replace the old git filter-branch or BFG

Example:

To replace the text 'password' with 'p455w0rd':

git filter-repo --replace-text <(echo "password==>p455w0rd") main~2..main

But you will need a git push --force in order to replace your pushed commits by the rewritten commits.
So your changes are not lost, but not " everything stays the same" exactly, considering any change of content in a commit means technically a new commit (new SHA).

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250