Removing sensitive commits from GitHub


A collaborator pushed a file full of passwords to GitHub. While I’ve rebased and removed it from local copies of the repo, GitHub still hosts the errant commit and anyone looking for it could find it.

How does one remove a commit from GitHub?

:wave: Welcome back :slight_smile:

Sorry this has happened to you!

This article here should run through everything you need:

But also: as soon as you’ve committed any kind of credential, it’s best to consider it compromised.