
Remove sensitive files from commit history

Back when I was first starting with Git, I pushed my config.php file and some unneeded cache files into the repo. I have seen that it is possible to use filter branch to remove unwanted files from history. So say I had these files I wanted to remove:

- config.php

- forums/cache/*.php

There is more, but I can figure it out when someone tells me how to do those. I am using BitBucket with SourceTree.

2 answers


Take a look at this article:

What's explained there applies also to BitBucket.

My suggestion is to go directly to the BFG paragraph. It's very easy to install and to use, and automates the procedure of cleaning unwanted files from the history. After BFG step, you need to follow the instructions to purge the local git repo.

Before trying anything make a copy of the entire repo in another dir on your pc, just in case...

Pay attention to the online caches that services like GitHub and BitBucket maintain.

If what you have to delete is not sensitive data, then you can simply force push your changes online, with

git push origin master --force

and repeat it for every branch whose history BFG has rewritten. Be aware that you are rewriting history on (possibly) public branches. If you share work with others, don't do that and instead do a regular commit to delete files (and leave the history untouched).

If you DO have sensitive data to delete (passwords, keys), then you should delete and recreate the repo on bitbucket before pushing the repo after BFG.

A last word of caution: if something goes wrong and you don't have a backup, you'll lose some data.

Hi Alex,

You can ignore the sensitive files and log files from being committed to the repository by using the git ignore feature. Refer to the following documentation on using git ignore. You can also run the command git help gitignore to view all the available commands for the git ignore function.

Here is a sample of gitignore code:


Copy the code and save it in a file with .gitignore name and place it in your root directory.

Will this work on files that are already versioned?


Aafrin refers to the standard way to configure ignore patterns in a Git repository.

.gitignore files must be in place before you git add files. After committing, the changes will be recorded permanently in the repo, and the only way to delete them is "rewriting" history.

The approach outlined in my answer is one of the simplest, but keep in mind that you should avoid it, unless you have strong reasons to do so (the only one I can think of is when you commit really sensitive data, like passwords and keys).

When you want to remove unharmful unwanted files (like logs, executables, etc.), the best option is to do a commit that "reverts" changes. To do so, you simply delete unwanted files in your local repo, then stage the deletion and commit it the usual way.

That's what I thought. Thanks for the confirmation.
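The two routes discussed in this thread, as an added example that is not part of any poster's answer: on a constructed throwaway repository it shows that a regular delete commit, and even a history rewrite, leave the old blob in the local object store until the backup refs and reflogs are purged. It uses `git filter-branch`, which the question mentions, in place of BFG; the secret value, file contents and function names are made up for the demonstration.

```bash
# Added example on a constructed throwaway repo; nothing here touches a remote.
set -eu
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
export FILTER_BRANCH_SQUELCH_WARNING=1   # skip filter-branch's startup notice

# Repeat the mistake from the question: config.php and cache files get committed.
make_repo() {
  repo=$(mktemp -d)
  git -C "$repo" init -q
  mkdir -p "$repo/forums/cache"
  echo '<?php $db_pass = "CONSTRUCTED-SECRET";' > "$repo/config.php"
  echo '<?php /* cached page */' > "$repo/forums/cache/a.php"
  echo '<?php echo "hello";' > "$repo/index.php"
  git -C "$repo" add -A
  git -C "$repo" commit -q -m 'initial import'
  echo "$repo"
}

# The "regular commit" route: files vanish from the tip, history is untouched.
delete_commit() {
  git -C "$1" rm -q config.php 'forums/cache/*.php'
  git -C "$1" commit -q -m 'remove config and cache'
}
# The rewrite route (filter-branch here; BFG automates the same step).
rewrite_history() {
  git -C "$1" filter-branch -f --prune-empty --index-filter \
    "git rm -q --cached --ignore-unmatch config.php 'forums/cache/*.php'" \
    -- --all >/dev/null 2>&1
}
# Purge the local repo: drop backup refs and reflogs, then prune loose objects.
purge_local() {
  git -C "$1" for-each-ref --format='%(refname)' refs/original |
    while read -r ref; do git -C "$1" update-ref -d "$ref"; done
  git -C "$1" reflog expire --expire=now --all
  git -C "$1" gc -q --prune=now
}
# Is the blob that held the secret still in the local object store?
blob_present() { git -C "$1" cat-file -e "$2" 2>/dev/null && echo yes || echo no; }

# Walk the whole procedure and report blob presence after each stage,
# then count commits on any ref that still touch the unwanted paths.
demo() {
  r=$(make_repo); blob=$(git -C "$r" rev-parse HEAD:config.php)
  delete_commit "$r";   a=$(blob_present "$r" "$blob")
  rewrite_history "$r"; b=$(blob_present "$r" "$blob")
  purge_local "$r";     c=$(blob_present "$r" "$blob")
  left=$(git -C "$r" log --all --oneline -- config.php 'forums/cache/*.php' | wc -l)
  rm -rf "$r"; echo "$a $b $c $((left))"
}
demo   # prints: yes yes no 0
```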
