Archives: October 2014

1 article

Nuke (remove all traces) of a file in Git history


First note: if you are not alone on the project, consult with your colleagues before doing this. Because we are about to rewrite history and other contributors will be forced to manually rewrite their history too.

Second note: if what you want to remove is sensitive material (e.g. passwords), consider everything compromised. Unless you are 100% sure that absolutely no one has had any access to your repository. And you are not, are you? Even with your super-secure unbreakable security measures... No, you are not.

Okay, you have been warned.

Let's say we want to remove all traces of a file named "hardcoded_passphrase.txt". We need the sha1 of the commit where this file first appeared. If you don't know, just use the first commit. In this example, the sha1 is bb9c2d4:

$ git filter-branch --index-filter 'git update-index --remove path/to/hardcoded_passphrase.txt' bb9c2d4..HEAD
$ git push --force --verbose --dry-run
$ git push --force