How to clean sensitive stuff out of a repo with BFG

gistfile1.txt

# Check for secrets/passwords in a given repo https://github.com/dxa4481/truffleHog
truffleHog --regex --entropy=False https://github.com/gravitymonkey/your-service.git

# trufflehog is good, but there are a lot of tools for this kind of thing, maybe you want to use more than one!

# If it's got some bad stuff going on :( then you can fix it with BFG!

# before you do all of this, especially if you're going to edit old commits with BFG
# BE SURE TO LET THE USERS KNOW, so that they can keep the branch clean and know that they 
# will need to update after this process is over

# Copy the repo you want to mess with (put it someplace save, like -not- over your working copy)
git clone --mirror https://github.com/gravitymonkey/your-service.git

# create a text file named passwords.txt (or whatever) and include the text you'd like to remove from your repo

# grab BFG (it's a jar) from https://rtyley.github.io/bfg-repo-cleaner/
# Run BFG using passwords.txt which list all the strings you are replacing

java -jar bfg-1.13.0.jar --replace-text passwords.txt your-service.git/

# confirm what happened by checking the output of BFG
# look in ./your-service.git.bfg-report/{today's date}/{other metadata}/changed-files.txt

# If it's all good, then push it back up to github

# First Move into the directory
cd your-service.git

# Reflog and push
git reflog expire --expire=now --all && git gc --prune=now --aggressive
git push

# This will issue a bunch of updates up and down your history, esp. if the **REMOVED** string
# is in a lot of commits over time -- and if you have CI setup, might fire off THOUSANDS of builds.

# Then, end users - might run into issues, and see 'fatal: refusing to merge unrelated histories'
# you can either clone again, or even do this on the primary branch:

git rest --hard origin/develop

git rest --hard origin/develop should be git reset --hard origin/develop