How do I remove sensitive data from my repository? #22781
-
Please assist a newbie? I need to remove google-services.json and a directory named environments. I don’t see them in the master branch but I can still view the history on previous commits, can see the contents of the files with diff. I want them GONE. Not even diffs. So I found this document. Removing sensitive data from a repository - GitHub DocsI used the BFG Repo-Cleaner, environment is Cygwin.
Then did a Push in GitHub desktop. It appears to have completed successfully, but when I load up the history on GitHub.com, I can still see the old commit, can still view the contents. Also tried filter-branch. Same result after a push. Please assist.
|
Beta Was this translation helpful? Give feedback.
Replies: 4 comments
-
Are you doing a forced push or regular push? |
Beta Was this translation helpful? Give feedback.
-
Forced on CLI and regular on GitHub Desktop. First cloned using GitHub Desktop. It is a young repository and I can re-create it without too much headache, if there is no other option. Strange though that there is apparently no way to do this. |
Beta Was this translation helpful? Give feedback.
-
BetterAutomations:
Do you mean that it’s still part of the commit history of the branch, or that a direct link to the commit still works? In the former case you probably missed something while cleaning. The latter case is to be expected, that’s why the documentation you linked recommends contacting Github support after cleaning up the history so they can remove the commits from any caches. Note that you should consider the data compromised anyway, so you should change any passwords, tokens, API keys and the like. |
Beta Was this translation helpful? Give feedback.
-
airtower-luna:
Yes, a direct link to the commit still works. So I will ask Github support to clean up. Didn’t notice that the first time I read the docs, even though it’s in red. My wife says I miss things right in front of me, too. |
Beta Was this translation helpful? Give feedback.
Do you mean that it’s still part of the commit history of the branch, or that a direct link to the commit still works? In the former case you probably missed something while cleaning. The latter case is to be expected, that’s why the documentation you linked recommends contacting Github support after cleaning up the history so they can remove the commits from any caches.
Note that you should consider the data compromised anyway, so you should change any passwords, tokens, API keys and the like.⚠️