Remove sensitive files and their commits from Git history

Question

I would like to put a Git project on GitHub but it contains certain files with sensitive data (usernames and passwords, like /config/deploy.rb for capistrano).

I know I can add these filenames to .gitignore, but this would not remove their history within Git.

I also don't want to start over again by deleting the /.git directory.

Is there a way to remove all traces of a particular file in your Git history?

Answer 1

If you want to remove passwords from your repo's history, I recommend the BFG Repo-Cleaner, which is a faster, simpler alternative to git-filter-branch explicitly designed for removing private data from Git repos.

You have to create a private.txt file listing the passwords, etc, that you want to remove (one entry per line) and then run this command:

$ java -jar bfg.jar  --replace-text private.txt  my-repo.git

What it does is, it will scan all files under a threshold size (1MB by default) in your repo's history, and any matching string (that isn't in your latest commit) will be replaced with the string "***REMOVED***". 

Then you can then use git gc to clean away the dead data:

$ git gc --prune=now --aggressive

The BFG is typically 10-50x faster than running git-filter-branch and the options are simplified and tailored around these two common use-cases:

• Removing Crazy Big Files
• Removing Passwords, Credentials & other Private data