So let’s say I pushed a password by accident. So I do a new push and remove it. But I want to remove the history showing the password. I tried this doc and it totally did not work. The history is still there. How do I fix it??
What type of computer do you use?
I’m on a Windows machine.
Check out this doc: https://docs.github.com/en/free-pro-team@latest/github/managing-large-files/removing-files-from-a-repositorys-history it should help
Okay so I finally got it to work by using BFG Repo-Cleaner and now I’m down a rabbit hole of “deny updating a hidden ref” for some refs/pulls/#/head, any idea how to fix those? I’m the only one using this repo so how do I … stop the pulls
Dude sorry to come here late.
Just do this this thing.
git reset HEAD~ This command will delete the last commit history. also THIS COMMAND DON’T DELETE ANY FILE means this command delete the commits without messing the files. SO if you accidently pushed just use this. This will remove the last commit you can use number like
git reset HEAD~2 To remove 2 last commit history. Without messing any file.
Now when the commits are deleted edit file and recommit normally.
git add . git commit -m "Your some ramdom message"
Now push it normally.
Now when you push it says that your remote has different history(as you removed the history.)
Now just use this command.
git push --force It will push all your branches and reset any history in all remote. And sync your local correct histroy with remote.
You commit is deleted(containing pasword) and replaced with new one. Now no one can see your password.
That is unfortunately not true, as the documentation on Removing sensitive data from a repository describes:
However, it’s important to note that those commits may still be accessible in any clones or forks of your repository, directly via their SHA-1 hashes in cached views on GitHub, and through any pull requests that reference them.
You’ll need to contact Github Support and ask them to remove any such cached data for your repository. However, even after doing that you should consider any accidentally pushed password or other secret compromised and change it.
He didn’t writes that it’s sensitive data and he wanted to remove from GitHub server. As I understand he said he wanted to remove it from history (commit history). May be I’m wrong.
Anyway thanks for your reply.
I think a password usually qualifies as “sensitive data”, and the initial post said it was pushed.
Either way, changing that password will be the most important action to take here.