Remove sensitive files from commit history

Alexander Riggs February 3, 2014

Back when I was first starting with Git, I pushed my config.php file and some unneeded cache files into the repo. I have seen that it is possible to use filter branch to remove unwanted files from history. So say I had these files I wanted to remove:

- config.php

- forums/cache/*.php

There is more, but I can figure it out when someone tells me how to do those. I am using BitBucket with SourceTree.

2 answers

2 votes
Paolo Furini February 3, 2014

Hi

take a look at this article: https://help.github.com/articles/remove-sensitive-data

What's explained there applies also to BitBucket.

My suggestion is to go directly to the BFG paragraph. It's very easy to install and to use, and automates the procedure of cleaning unwanted files from the history. After the BFG step, you need to follow the instructions to purge the local git repo.

Before trying anything, make a copy of the entire repo in another dir on your PC, just in case...

Pay attention to the online caches that services like GitHub and BitBucket maintain.

If what you have to delete is not sensitive data, then you can simply force push your changes online, with

git push origin master --force

and repeat it for every branch whose history BFG has rewritten. Be aware that you are rewriting history on (possibly) public branches. If you share work with others, don't do that and instead do a regular commit to delete files (and leave the history untouched).

If you DO have sensitive data to delete (passwords, keys), then you should delete and recreate the repo on bitbucket before pushing the repo after BFG.

A last word of caution: if something goes wrong and you don't have a backup, you'll lose some data.

0 votes
AafrinA
Rising Star
February 5, 2014

Hi Alex,

You can ignore the sensitive files and log files from being committed to the repository by using the git ignore feature. Refer to the following documentation on using git ignore. You can also run the command git help gitignore to view all the available commands for the git ignore function.

Here is a sample of gitignore code:

config.php
forums/cache/*

Copy the code and save it in a file named .gitignore and place it in your root directory.

Seth
Rising Star
February 5, 2014

Will this work on files that are already versioned?

Paolo Furini February 5, 2014

No..

Aafrin refers to the standard way to configure ignore patterns in a Git repository.

.gitignore files must be in place before you git add files. After committing, the changes will be recorded permanently in the repo, and the only way to delete them is "rewriting" history.

The approach outlined in my answer is one of the simplest, but keep in mind that you should avoid it, unless you have strong reasons to do so (the only one I can think of is when you commit really sensitive data, like passwords and keys).

When you want to remove unharmful unwanted files (like logs, executables, etc.), the best option is to do a commit that "reverts" changes. To do so, you simply delete unwanted files in your local repo, then stage the deletion and commit it the usual way.
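The distinction discussed above (a .gitignore entry or a later delete commit leaves earlier commits untouched) can be checked directly. This is an added example, not part of the original thread: the function names and the throwaway repository are constructed for illustration, and the paths are the ones from the question.

```shell
#!/bin/sh
# Added example: audit whether paths are still reachable in history.

# Paths matching the pathspecs that are tracked in the index right now.
paths_tracked_now() {
    repo=$1; shift
    git -C "$repo" ls-files -- "$@"
}

# Paths matching the pathspecs that appear in ANY commit reachable from
# any ref. Empty output means no reachable commit carries them.
paths_in_history() {
    repo=$1; shift
    git -C "$repo" log --all --pretty=format: --name-only -- "$@" |
        sed '/^$/d' | sort -u
}

# Constructed sample: commit the files, then untrack and ignore them
# with a regular commit, as described in the thread.
demo_repo() {
    repo=$(mktemp -d)
    g() {
        git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
            -c commit.gpgsign=false "$@"
    }
    g init -q
    mkdir -p "$repo/forums/cache"
    echo '<?php $db_pass = "constructed-placeholder";' > "$repo/config.php"
    echo '<?php /* cached page */' > "$repo/forums/cache/a.php"
    echo '<?php echo "app";' > "$repo/index.php"
    g add -A && g commit -q -m "initial import"
    printf 'config.php\nforums/cache/*\n' > "$repo/.gitignore"
    g rm -q -r --cached config.php forums/cache
    g add .gitignore && g commit -q -m "stop tracking config and cache"
    echo "$repo"
}

repo=$(demo_repo)
echo "tracked now:"
paths_tracked_now "$repo" config.php 'forums/cache/*.php'
echo "still in history:"
paths_in_history "$repo" config.php 'forums/cache/*.php'
rm -rf "$repo"
```

Run against a repository after a history rewrite, empty output from `paths_in_history` means no commit reachable from a ref still carries those paths. It does not cover unreachable objects that remain until the local repo is purged, or copies held by the hosting service.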

Seth
Rising Star
February 5, 2014

That's what I thought. Thanks for the confirmation.
