Remove sensitive files from commit history

Back when I was first starting with Git, I pushed my config.php file and some unneeded cache files into the repo. I have seen that it is possible to use filter branch to remove unwanted files from history. So say I had these files I wanted to remove:

- config.php

- forums/cache/*.php

There is more, but I can figure it out when someone tells me how to do those. I am using BitBucket with SourceTree.

2 answers

Hi

Take a look at this article: https://help.github.com/articles/remove-sensitive-data

What's explained there applies also to BitBucket.

My suggestion is to go directly to the BFG paragraph. It's very easy to install and to use, and automates the procedure of cleaning unwanted files from the history. After BFG step, you need to follow the instructions to purge the local git repo.

Before trying anything make a copy of the entire repo in another dir on your pc, just in case...

Pay attention to the online caches that services like GitHub and BitBucket maintain.

If what you have to delete is not sensitive data, then you can simply force push your changes online, with

git push origin master --force

and repeat it for every branch whose history BFG has rewritten. Be aware that you are rewriting history on (possibly) public branches. If you share work with others, don't do that and instead do a regular commit to delete files (and leave the history untouched).

If you DO have sensitive data to delete (passwords, keys), then you should delete and recreate the repo on bitbucket before pushing the repo after BFG.

A last word of caution: if something goes wrong and you don't have a backup, you'll lose some data.

Hi Alex,

You can ignore the sensitive files and log files from being committed to the repository by using the git ignore feature. Refer to the following documentation on using git ignore. You can also run the command git help gitignore to view all the available commands for the git ignore function.

Here is a sample of gitignore code:

config.php
forums/cache/*

Copy the code and save it in a file with .gitignore name and place it in your root directory.

Will this work on files that are already versioned?

No..

Aafrin refers to the standard way to configure ignore patterns in a Git repository.

.gitignore files must be in place before you git add files. After committing, the changes will be recorded permanently in the repo, and the only way to delete them is "rewriting" history.

The approach outlined in my answer is one of the simplest, but keep in mind that you should avoid it, unless you have strong reasons to do so (the only one I can think of is when you commit really sensitive data, like passwords and keys).

When you want to remove unharmful unwanted files (like logs, executables, etc.), the best option is to do a commit that "reverts" changes. To do so, you simply delete unwanted files in your local repo, then stage the deletion and commit it the usual way.

That's what I thought. Thanks for the confirmation.
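
Added example (not part of any post above, and not code from BFG or Atlassian): a check for whether the paths from the question are still reachable in history. It builds a constructed throwaway repo, removes the files with an ordinary commit as described in the last comment, and shows that the working tree is clean while history is not. The function names and the demo repo are assumptions made for illustration; run the same check against your own clone after a BFG rewrite, where it should report nothing.

```shell
#!/bin/sh
# Added example. Paths are the ones named in the question; the repo is a throwaway.

# Print every commit, on any branch or tag, that touches the given pathspecs.
history_hits() {
    repo=$1; shift
    # --all walks every ref in the clone, not only the checked-out branch.
    git -C "$repo" log --all --format=%H -- "$@"
}

# Exit 0 only if no reachable commit touches the pathspecs.
history_clean() {
    [ -z "$(history_hits "$@")" ]
}

# Constructed sample: commit the files, then delete them with a normal commit.
make_demo_repo() {
    d=$(mktemp -d) || return 1
    g() { git -C "$d" -c user.name=demo -c user.email=demo@example.invalid \
              -c commit.gpgsign=false "$@"; }
    g init -q
    mkdir -p "$d/forums/cache"
    echo '<?php $db_pass = "constructed-placeholder";' > "$d/config.php"
    echo '<?php /* cache */' > "$d/forums/cache/a.php"
    echo 'readme' > "$d/README"
    g add -A && g commit -q -m 'initial import'
    g rm -q config.php forums/cache/a.php && g commit -q -m 'remove unwanted files'
    echo "$d"
}

demo=$(make_demo_repo)
ls "$demo"   # the deleted files are gone from the working tree
if history_clean "$demo" config.php 'forums/cache/*.php'; then
    echo "history is clean"
else
    echo "still in history:"
    history_hits "$demo" config.php 'forums/cache/*.php'
fi
rm -rf "$demo"
```

A clean result covers only the refs in the clone you run it on; it says nothing about other clones or copies cached by the hosting service.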
