ProTip™: Nuke a File from Git History
Published
Here’s the scenario: I was working on a take-home project as part of an interview process. I was given a document with the desired specs and had copied that into my project README. Towards the end of completion, as I was preparing to push to a public (now private) GitHub repository, I realized that I had included a plaintext password that was included as part of the spec. Before putting the codebase live into the wild, I needed to remove the README from Git history and put it back into re-existence with the plaintext password properly redacted.
Before sharing the one-liner copypasta, two caveats:
- If you’ve already
git push-ed, you MUST assume the data is compromised. - This will delete the file locally, so make a copy before executing.
As the adage (today’s Wordle 🤓) goes, with great power comes great responsibility:
git filter-branch --force --index-filter "git rm --cached --ignore-unmatch PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA" --prune-empty --tag-name-filter cat -- --allSource: https://stackoverflow.com/a/59292399
I love hearing from readers so please feel free to reach out.