Safely Removing Sensitive Files from Git History

 

Introduction:

We all make mistakes, and in the realm of version control, one wrong move can have unintended consequences. Recently, I found myself in a predicament when I accidentally pushed a sensitive file to a public GitHub repository. Determined to rectify the situation and ensure the security of my project, I embarked on a journey to remove the sensitive file from the repository’s commit history. In this blog post, I will share my story and outline the step-by-step process I followed to accomplish this task successfully.

The Mistake:

In the midst of a busy coding session, I unknowingly committed and pushed a file containing sensitive information to a public GitHub repository. Panic set in as I realized the potential ramifications of this oversight. It was clear that immediate action was required to rectify the situation and protect the security of my project.

The Decision to Remove the Sensitive File:

Realizing the urgency of the situation, I made the decision to remove the sensitive file from the repository’s commit history entirely. This would ensure that the file would no longer be accessible, even to those who might have cloned the repository prior to the removal.

The Step-by-Step Process:

Step 1: Verify Clean Working Directory:

Before proceeding with any modifications, I ensured that my local working directory was clean and free from any uncommitted changes. This provided a solid foundation for the subsequent steps.

Step 2: Identify the Sensitive File:

Identifying the exact file containing the sensitive information was crucial. In my case, it was named token.txt. This file had to be removed from the commit history completely.

Step 3: Rewrite Git History:

To remove the sensitive file from the commit history, I used the git filter-branch command with the --index-filter option. Here’s the command I executed in the terminal:

git filter-branch --index-filter 'git rm --cached --ignore-unmatch token.txt' -- --all

This command meticulously traversed the entire commit history, ensuring the removal of the token.txt file from every commit.

Step 4: Force-Push the Rewritten History:

After successfully rewriting the Git history, I needed to force-push the changes to the remote repository. It’s essential to note that this step should be executed with caution, as it overwrites the remote repository’s history. Here’s the command I used:

git push --force origin main

By force-pushing the rewritten history, I ensured that the sensitive file was permanently removed from the repository.

Alternative Solution

You may want to remove all commit history and replace it with a new commit, you can use the git push –force command after performing a git reset. Here are the steps to follow:

Note: Proceed with caution as this operation permanently removes all previous commits.

  • Open your terminal or command prompt and navigate to the local repository’s directory.

  • Make sure you have a backup of your repository or clone it to a different location to avoid permanent data loss.

  • Run the following commands to remove all commit history and replace it with a new commit:

git checkout --orphan newbranch
git add -A
git commit -m "Your new commit message"

These commands create a new branch called “newbranch” with no commit history and create a new commit with your desired changes.

  • Next, run the following command to point the repository to the new branch and remove all previous commit history:
git branch -M newbranch main

This command renames the “newbranch” to “main” (or your preferred branch name) and effectively replaces the old branch, including its commit history.

  • Finally, force-push the changes to the remote repository using the following command:
git push --force origin main

Be cautious when using git push –force as it overwrites the remote repository’s history. Make sure you have a backup and consider the impact on other collaborators.

After completing these steps, your local and remote repositories will have a single commit with the changes you specified, effectively removing all previous commit history.

Conclusion:

In the face of an unfortunate mishap of pushing a sensitive file to a public GitHub repository, I took immediate action to safeguard the security of my project. Through a step-by-step process involving rewriting the Git history and force-pushing the changes, I successfully removed the sensitive file from the commit history. Remember, it’s crucial to exercise caution when handling sensitive information and to follow best practices to maintain the integrity of your projects.