Removing sensitive data from git

Suppose someone accidentally committed a file with sensitive data ages ago. Others could retrieve the password easily, since git keeps a history of the changes. So the idea is to remove the file from git altogether, along with its change history, then commit the affected file again (without the sensitive data this time).

Do a git pull and git fetch --tags on the original repo, then copy the repo to a tmp repo and apply the commands to the tmp repo like so:


git pull
git fetch --tags
git filter-branch --index-filter 'git rm --cached --ignore-unmatch wp-config.*' --tag-name-filter 'cat' HEAD --all
(If you have uncommitted changes, you will get the error "Cannot rewrite branches with a dirty working directory." Do a git commit to fix it.)

After that, copy the affected files (wp-config.* in this case) from the old repo back to the tmp repo and force push from the tmp repo.


git push origin master --force

Do the same for any other affected branches.

If using GitHub, the only way is to remove the repo and create a new one. Then, in the tmp repo:


git push origin master
(or push any other branches if need be)
git push --tags
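
One way to check the rewrite before anything is pushed, as an added example that is not part of the original post: it builds a constructed scratch repo, runs the article's filter-branch command, and counts the commits on branches and tags that still touch wp-config.* or contain the secret string. The file contents, the tag v1.0 and the function names are assumptions; the command is written with `-- --all` and with FILTER_BRANCH_SQUELCH_WARNING set, which silences the notice newer Git versions print.

```shell
#!/bin/sh
# Added example on a constructed scratch repo (not the article's own code).

# Commits reachable from branches and tags that touch a pathspec.
# refs/original/ (filter-branch's local backup) is excluded: it is not pushed.
commits_touching() {  # usage: commits_touching <repo> <pathspec>
    git -C "$1" log --branches --tags --format=%H -- "$2" | wc -l | tr -d ' '
}

# Commits on branches and tags whose diff adds or removes a string.
commits_with_string() {  # usage: commits_with_string <repo> <string>
    git -C "$1" log --branches --tags --format=%H -S"$2" | wc -l | tr -d ' '
}

# Throwaway repo with a constructed secret in an old, tagged commit.
make_demo_repo() {  # prints the repo path
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q
    git -C "$repo" config user.name "Demo User"
    git -C "$repo" config user.email "demo@example.invalid"
    echo '<?php echo "hello";' > "$repo/index.php"
    echo "define('DB_PASSWORD', 'constructed-demo-secret');" > "$repo/wp-config.php"
    git -C "$repo" add . && git -C "$repo" commit -q -m "initial import"
    git -C "$repo" tag v1.0
    echo '<?php echo "hello again";' > "$repo/index.php"
    git -C "$repo" commit -q -am "later change"
    echo "$repo"
}

# The article's rewrite; "-- --all" covers every branch and tag.
scrub_history() {  # usage: scrub_history <repo>
    ( cd "$1" && FILTER_BRANCH_SQUELCH_WARNING=1 git filter-branch \
        --index-filter 'git rm --cached --ignore-unmatch wp-config.*' \
        --tag-name-filter 'cat' -- --all ) >/dev/null 2>&1
}

run_demo() {
    r=$(make_demo_repo) || return 1
    echo "before: path=$(commits_touching "$r" 'wp-config.*') string=$(commits_with_string "$r" 'constructed-demo-secret')"
    scrub_history "$r" || { echo "filter-branch failed" >&2; return 1; }
    echo "after:  path=$(commits_touching "$r" 'wp-config.*') string=$(commits_with_string "$r" 'constructed-demo-secret')"
    rm -rf "$r"
}
run_demo
```

On a real tmp repo, both counts should be 0 before the force push; a non-zero count means some branch or tag still carries the file.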

See also http://help.github.com/remove-sensitive-data/ and http://kernel.org/pub/software/scm/git/docs/v1.6.0.6/git-filter-branch.html

Author: bpeh

Bernard Peh is passionate about web technologies and is one of the co-founders of Sitecritic.net Website Design and Reviews. He works with experienced web designers and developers every day, developing and designing commercial websites. He specialises mainly in SEO and PHP programming.