Removing Files From Git History - Permanently

So you’re chugging along, working on your git repo, adding, committing, and pushing when suddenly you realize that you just accidentally committed your database password or an SSH key or something equally sensitive. Worse yet, you keep a copy of your repository on GitHub – and it’s a public repo! All good developers know how to git rm whatever their way out of a file committed by mistake but the problem here is that not only do you need to remove the file from the repo from this point forward but you need it gone from the repository’s entire history too. Not to worry, though! Git has a handy little feature, --tree-filter and --index-filter that’ll help you remove any trace that the file ever existed. Here’s how to make it work…

Obligatory security warning

Before I get into how you permanently (as in, no way to go back except to get the forensics kit out) delete anything from your Git repository I need to warn you about security. If you accidentally commit something sensitive like a password, SSH key, or whatever it may be that in theory could allow someone access to your stuff, you need to immediately change whatever that information was. I accidentally pushed an SSH public key to one of my GitHub repos. Now I’m in the process of generating new keys on all my computers and getting key-based entry restored for my servers. It’s a pain but you should see how many break-in attempts I get on any one of my servers (check out your /var/log/auth.log file sometime, you’ll be astounded). Its bad enough that everyone with a terminal is trying to log into my servers but with a misplaced SSH key out there, even if it was only for a few hours, its scary. So before we move on, be sure to change your password or whatever you accidentally published.

The good stuff is here

Doing a git rm on a file only removes it from the repository from the next commit onward. If your repository is publicly available then anyone with a copy can go back through its history and find the sensitive information you think you removed. So run this command and you’ll be all set:

Permanently delete file/folders from Git Repo
1
git filter-branch --tree-filter 'rm -rf /path/to/file/or/folder' HEAD

BOOM! Ass. Saved. Enjoy your day.

Web development

« I want to make something beautiful CodeIgniter Session Problems »

Comments