2

I have been using GitHub for one project for some time now, but only as an issue tracker. So, tonight I devoted some time to get things going with code as well, and made a rookie mistake: I committed credential files and other unnecessary data. I have added those to the .gitignore file now and they should not be an issue anymore, but I see they are available in the history.

That poses a security issue so I have to sort this out and remove that sensitive data there. I am currently the sole developer, so that's why I kept the code on my PC only and on the actual server, but wanted to get a hang of this as well.

So far, I have tried this article, this one as well and found some questions on SO, but haven't been able to figure this out. I mostly get some sort of error like this one: fatal: ambiguous argument 'rm': unknown revision or path not in the working tree.

I would delete the whole repo, but I have quite a lot of issue tracking data there, so I need to keep that, so this is not an option. I don't mind about other commits, I can start from scratch with code from my local machine, but need some way to lose older commits and their complete history, or change those files (some things in .gitignore are directories, so that might be very tedious to remove).

I tried with git rebase -i, but there I see only my last three commits (testing), which were not pushed, the remaining ones that are online, 10 or so of them don't show there.

The repo I am using is a private one, with me and a client only having access, so no 3rd party has seen this.

I am new to git so thanks for your time and help!

2
  • Can you create a new repo, copy/paste the files you want there, then delete the old repo? Commented Jan 9, 2014 at 21:36
  • That would make me lose all of the issue tracking history, and there's quite a lot of discussions there, so I need to keep that. Commented Jan 9, 2014 at 21:37

4 Answers

7

First, here's the important bit: Consider your credentials compromised. Change them. No matter what you do at this point, they are no longer secure.

Now that you've done that, you have a couple of options:

  • If you really just want to start from scratch, overwrite what's there with new commits using git push --force. This is likely your easiest path forward.

    git init <new-directory>
    cd <new-directory>
    $EDITOR README.md
    git add README.md
    git commit
    git remote add origin https://github.com/user/repo.git
    git push --force origin master

  • Alternatively, you can remove the credentials from the history with filter-branch, as outlined on the GitHub help page on removing sensitive data.

    Your ambiguous argument 'rm' error is likely to do with quoting the command properly. Make sure to quote it as it shows in the article.


3 Comments

Thank you, this is what I ended up doing. I understand the security risks, but since this is a private repo, I should be safe, right? :)
Of course, it's up to you. But I'd still recommend changing them. Consider the "pain" of doing this, compared with the pain of some kind of breach down the road.
Of course, I will just in case do this during the weekend, get a new set of credentials for all areas to start this new year clean :)
2

IMHO, BFG (which is already mentioned on the GitHub help page you link to) is the best (easiest to use and fastest) tool for this. It's really as easy as the examples show. After rewriting your local history using BFG, force-push it to the server, and you're set.

1 Comment

Thanks, but I really don't want Java on my PC anymore :) I managed to do this somehow with the filter-branch as well, but in the end decided to wipe everything and start clean, since no history is actually important; the 15 or so commits I had were just me playing with GitHub.
1

I got the same ambiguous argument error too, when I was trying to run this command:

    git filter-branch --force --index-filter \
    'git rm --cached --ignore-unmatch path\to\my\file.txt' \
    --prune-empty --tag-name-filter cat -- --all

I was able to run it by changing single quotes to double quotes, and backslashes to slashes.

    git filter-branch --force --index-filter \
    "git rm --cached --ignore-unmatch path/to/my/file.txt" \
    --prune-empty --tag-name-filter cat -- --all

1 Comment

Yup, this was helpful with that error in mind, but I solved it via different way, as suggested in the answer I accepted. Thanks
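
The filter-branch rewrite discussed in the answers above, run end to end on a scratch repository, as an added example that is not part of the original thread. It removes an ignored directory from every commit, then clears the refs/original backups and reflog entries that filter-branch leaves behind, which would otherwise keep the secret in the local clone. The repository, file names and secret value are constructed.

```shell
#!/bin/sh
# Added example; the scratch repo, file names and secret value are constructed.
export FILTER_BRANCH_SQUELCH_WARNING=1  # skip filter-branch's warning pause

# Build a throwaway repo mirroring the question: a credentials file is
# committed, then untracked and ignored, yet remains in history.
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q . && git config user.name "Demo" &&
            git config user.email "demo@example.invalid" || exit 1
        mkdir config
        echo "password=constructed-placeholder" > config/credentials.ini
        echo "print('app')" > app.py
        git add . && git commit -q -m "initial import" || exit 1
        echo "config/" > .gitignore
        git rm -q -r --cached config
        git add .gitignore && git commit -q -m "ignore config" || exit 1
    ) >/dev/null 2>&1 || return 1
    echo "$repo"
}

# Number of commits on any ref that still touch the path (0 = gone).
commits_touching() {
    git -C "$1" log --all --oneline -- "$2" | wc -l | tr -d ' '
}

# Rewrite all branches and tags without the path, then drop the backups
# filter-branch leaves behind (refs/original, reflog, unreachable objects).
purge_path() {
    (
        cd "$1" || exit 1
        git filter-branch --force --index-filter \
            "git rm -r --cached --ignore-unmatch $2" \
            --prune-empty --tag-name-filter cat -- --all || exit 1
        git for-each-ref --format='delete %(refname)' refs/original |
            git update-ref --stdin
        git reflog expire --expire=now --all
        git gc --quiet --prune=now
    ) >/dev/null 2>&1
}

# Demo run: commit counts before and after the rewrite.
demo=$(make_demo_repo) || exit 1
echo "before: $(commits_touching "$demo" config) commit(s) touch config/"
purge_path "$demo" config
echo "after:  $(commits_touching "$demo" config) commit(s) touch config/"
rm -rf "$demo"
```

The rewritten history still has to be force-pushed to replace what is on the server, and the credentials changed, as the first answer says.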
0

Even having it available for some time is enough to be a security threat. Deal with the real issue: you have leaked credentials, and you have to change them first. After that, the file on GitHub will not have any value at all, and you can leave it there in the history. To make it clearer why you should not even bother to remove it from GitHub, assume it was cached by search engines, so anyone can get to that file even after it was removed from GitHub.
