45

I pushed a file containing a password to my repo by mistake - FYI the repo is just a small personal project.

Once I realised the password was present I added the file to .gitignore and executed git rm -r --cached <filename>, committed and pushed to the repo.

I now realise the password is still present in the history - what is the best way to remove it?

I read the Remove sensitive data page on Github which suggests changing the password - which I have done - but I would like to remove the history as well.

4
  • How many commits have already gone on top of the password commit in your remote? Commented Apr 20, 2015 at 7:34
  • I have 5 commits after the one containing the password Commented Apr 20, 2015 at 7:39
  • And one more question: is there anything else which went into the password commit other than the password file itself? Commented Apr 20, 2015 at 7:40
  • Yes, in that commit other things were added too, thanks Commented Apr 20, 2015 at 7:41

3 Answers 3

70

Since you have already made 5 commits since the commit containing the clear text password, your best bet is to do a git rebase -i in interactive mode on your local branch. Find the SHA-1 of the commit where you added the clear text password, and type the following:

git rebase --interactive dba507c^ 

where dba507c are the first 7 characters of the SHA-1 for the bad commit.

Change this:

pick dba507c comment for commit containing clear text password 

To this:

edit dba507c I have removed the clear text password 

Make the change to the password file to remove the clear text, then commit your result like this:

git commit --all --amend --no-edit
git rebase --continue

Finish the rebase, then push your (correct) local branch to the remote via:

git push -f origin your_branch 

You will need to force push your_branch because you have rewritten history (by modifying the password file). Now you have all your latest commits, but you have removed the clear text.


3 Comments

For future reference, if you had caught the clear text commit before making any others in your remote, you could have fixed it with a one-line solution.
If you are trying to change something in your first commit start off with git rebase [-i] --root $tip instead
This answer, as well as this one are both of great value for the community. Thanks guys, +1.
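The pick-to-edit rebase from the answer above, rehearsed end to end in a throwaway repository. This is an added example, not part of the original answers; the file names, the secret value and the commit layout are constructed for the demo. It uses `git log -S` to confirm that no ref still introduces the secret before anything is force-pushed, and shows that the old commit is still remembered by the local reflog.

```shell
#!/bin/sh
# Added example: rehearse the pick -> edit rebase in a throwaway repository,
# then check that no branch still carries the secret. File names, the secret
# value and the commit layout are constructed for this demo.
set -eu
SECRET='constructed-demo-password-123'

# Count commits whose diff adds or removes the secret. $2 selects the commit
# set: --all = every ref, --reflog = also commits only the reflog remembers.
secret_commits() {
    git -C "$1" log "$2" --oneline -S"$SECRET" | wc -l | tr -d ' '
}

repo=$(mktemp -d)
trap 'rm -rf "$repo"' EXIT
g() {
    git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
        -c core.editor=true "$@"
}

g init -q
echo 'readme' > "$repo/README"
g add -A; g commit -qm 'initial commit'
# The bad commit: a password file plus unrelated work, as in the question.
printf 'user=app\npassword=%s\n' "$SECRET" > "$repo/config.ini"
echo 'v0' > "$repo/app.txt"
g add -A; g commit -qm 'add config and app'
bad=$(g rev-parse --short HEAD)
for i in 1 2 3 4 5; do
    echo "v$i" >> "$repo/app.txt"; g commit -qam "later commit $i"
done
before=$(secret_commits "$repo" --all)

# Scripted equivalent of changing "pick" to "edit" on the first todo line.
g -c sequence.editor="sed -i.bak '1s/^pick /edit /'" rebase -q -i "$bad^"
printf 'user=app\npassword=\n' > "$repo/config.ini"   # remove the clear text
g commit -q --all --amend --no-edit
g rebase --continue

echo "commits touching secret on refs, before: $before"
echo "commits touching secret on refs, after:  $(secret_commits "$repo" --all)"
echo "still remembered by local reflog:        $(secret_commits "$repo" --reflog)"
```

The non-zero reflog count is why the rewritten clone still holds the old commit locally until its reflog entries expire, independent of what the remote keeps.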
21

If it was the previous commit, then remove the password from the file and run

git add file_with_pwd
git commit --amend
git push -f origin master

Note: Once you posted that here on Stackoverflow, many guys may have already cloned the repo (you have the same username on github and just one repository). Change the password!

5 Comments

Upvote for picking up that security hole (I have not cloned that repo FYI).
I did, but I will not harm the OP in any case. I did it just to show him that he needs to change the password, since other guys probably won't tell him that.
page on Github which suggests changing the password - which I have done - May be useful to future readers, not the OP.
As mentioned in my original post I have changed the password. FYI it isn't the previous commit
@NRKirby Perfect! I have overlooked that. Will keep the answer to help others.
0

You can use git reset --soft in your branch to undo that last commit.
Then remove the creds from the respective files.
And do the command sequence git add <updated-file>, git commit, and git push -f.
E.g:

git checkout <branch-name>
git reset --soft HEAD~1
git add <updated-file>
git commit -m "commit message"
git push -f origin <branch-name>
