Last active
November 5, 2018 10:57
-
-
Save boywijnmaalen/0f273e46ecbe0b8b2ae47d82fc969bde to your computer and use it in GitHub Desktop.
Removing sensitive data from a repository #CLI #GIT
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # source: https://help.github.com/articles/removing-sensitive-data-from-a-repository/ | |
| # these arguments will: | |
| # | |
| # force Git to process, but not check out, the entire history of every branch and tag | |
| # remove the specified file, as well as any empty commits generated as a result | |
| # overwrite your existing tags | |
| # | |
| # can only do one file at a time | |
| $ git filter-branch --force --index-filter \ | |
| 'git rm --cached --ignore-unmatch PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA' \ | |
| --prune-empty --tag-name-filter cat -- --all | |
| # once you're happy with the state of your repository, force-push your local changes to overwrite your GitHub repository, as well as all the branches you've pushed up: | |
| $ git push origin --force --all | |
| # in order to remove the sensitive file from your tagged releases, you'll also need to force-push against your Git tags: | |
| $ git push origin --force --tags | |
| # your collaborators need to rebase, not merge, any branches they created off of the old (tainted) repository history. | |
| # after some time has passed and you're confident that git filter-branch had no unintended side effects, you can force all objects in your local repository to be dereferenced and garbage collected with the following commands (using Git 1.8.5 or newer): | |
| $ git for-each-ref --format='delete %(refname)' refs/original | git update-ref --stdin | |
| $ git reflog expire --expire=now --all | |
| $ git gc --prune=now |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment