Removing sensitive details from git history

In the early stages of software development, it can be tempting to use a hard-coded password for quick and dirty access. Later, when the project has grown and handles authentication more seriously, you don't want old passwords lying around in your git history. The history remains. Warning: Be sure to back up the repo before trying this out!

So here is one way to replace a password string with something else in git. An example: you have been using the password sUp3rs3cr3tpassw0rd, and since it's actually a password you use elsewhere, you want it gone from your git history and replaced by HIDDENPASS. This only works on one branch, so a good idea is to get rid of all other branches and concentrate on the master branch.

This will go through the entire commit history of the branch, replacing the string and rewriting each commit. Depending on the size of your project this can take a very long time! It's not a perfect solution, but it does the job. So, lesson learned: never use hard-coded passwords in code or in a repository. A much better idea is to store the password in a text file that should never be included in any commit.

If there’s a file you really want to get rid of in your commit history you can do something like this:
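Both rewrites, the password replacement described earlier and the file removal, sketched with `git filter-branch` as an added example (not the original post's commands). It builds a constructed throwaway repository and assumes GNU grep, sed and xargs; `secrets.txt` and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: constructed throwaway repo; GNU grep/sed/xargs assumed.
export FILTER_BRANCH_SQUELCH_WARNING=1   # skip filter-branch's startup notice and delay
OLD='sUp3rs3cr3tpassw0rd'                # password from the article
NEW='HIDDENPASS'                         # its replacement from the article

# Build a disposable repo whose two commits both contain the password.
make_demo_repo() {
    cd "$(mktemp -d)" || return 1
    git init -q . 2>/dev/null
    git config user.name demo && git config user.email demo@example.invalid
    printf 'password = "%s"\n' "$OLD" > config.py   # constructed sample file
    printf 'key material\n' > secrets.txt           # hypothetical file to drop later
    git add . && git commit -q -m 'hardcoded password'
    printf 'print("hello")\n' > app.py
    git add . && git commit -q -m 'add app'
}

# Replace OLD with NEW in every file of every commit on the current branch.
replace_password() {
    git filter-branch -f --tree-filter \
        "grep -rlZF '$OLD' . | xargs -0 -r sed -i 's/$OLD/$NEW/g'" HEAD
}

# Remove one path from every commit; the index filter needs no checkout per commit.
remove_file() {
    git filter-branch -f --index-filter \
        "git rm -q --cached --ignore-unmatch '$1'" HEAD
}

# Count commits reachable from the given revisions whose tree still holds OLD.
commits_with_secret() {
    git rev-list "$@" | while read -r c; do
        git grep -q -F -e "$OLD" "$c" && echo "$c"
    done | wc -l
}

# Drop filter-branch's backup refs and the reflogs, then prune the old objects.
purge_old_objects() {
    git for-each-ref --format='%(refname)' refs/original/ | xargs -r -n 1 git update-ref -d
    git reflog expire --expire=now --all
    git gc -q --prune=now
}

# Typical order: make_demo_repo; replace_password; remove_file secrets.txt;
# commits_with_secret --all; purge_old_objects
```

Until `purge_old_objects` runs, the old commits stay reachable through `refs/original/` and the reflog, which is why `commits_with_secret --all` still reports them after the rewrite. A remote or another clone keeps its copy of the old objects until it is overwritten or re-cloned.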

Keep in mind, though, that all of these operations are a gateway to a world of merge conflicts for people who are syncing against the repository.

There is also another tool, BFG, written in Scala, that does this a lot faster and can remove large blobs from the git history.


