Remove Sensitive Data from GitHub
In this tutorial we are going to be using nix-shell so we do not have to install any dependencies on our machines.
- Run the command below to start a nix-shell with the needed tools.

```shell
nix-shell -p openjdk17-bootstrap git bfg-repo-cleaner
```
- Once inside the nix-shell, clone the repo with the `--mirror` flag so that every branch and tag is included in the rewrite.

```shell
git clone --mirror https://github.com/org/reponame.git
```
- Create a passwords.txt file containing all sensitive data that needs to be removed from the repository, one entry per line.

```shell
nano passwords.txt
```
- Run the command to remove the passwords from the git history.

```shell
bfg --replace-text passwords.txt reponame.git
```
- cd into the repo directory and force-push the rewritten history back to GitHub.

```shell
cd reponame.git
git push --force
```
- cd back out of the directory and delete the repo folder and the passwords.txt file. You will be left with a .bfg-report directory you can use to see what was changed; it can be deleted as well once you are done.
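Before force-pushing, it is worth confirming that none of the strings in passwords.txt still appear in any commit reachable from any ref. The script below is an added example (not part of the original post or of BFG) that does exactly that; it assumes the mirror clone is at the path passed as the first argument and the passwords file as the second, and it only checks the plain-string entries of the file (BFG's `regex:` lines are skipped because `git grep -F` cannot use them).

```shell
#!/bin/sh
# Added example: check that no plain secret from passwords.txt survives in the
# rewritten history. Assumes $1 is a local clone (e.g. reponame.git from the
# --mirror clone above) and $2 is the passwords.txt handed to bfg.

# BFG accepts lines of the form "secret", "secret==>replacement" and
# "regex:pattern==>replacement". Emit only the literal secret strings,
# dropping blank lines, regex entries and any "==>replacement" suffix.
secret_strings() {
    grep -v '^[[:space:]]*$' "$1" | grep -v '^regex:' | sed 's/==>.*$//'
}

# Returns 0 if every secret is gone from all reachable commits, 1 if at
# least one is still present (printing up to three hits per secret),
# 2 on a usage error. Only commits reachable from refs are checked: that
# is what git push sends; unreachable old objects stay in the local clone
# until the reflog expires and git gc prunes them.
verify_scrubbed() {
    repo="$1"; secrets="$2"
    [ -d "$repo" ] && [ -f "$secrets" ] || {
        echo "usage: verify_scrubbed <repo-dir> <passwords.txt>" >&2; return 2; }
    tmp=$(mktemp)
    secret_strings "$secrets" > "$tmp"
    found=0
    while IFS= read -r s; do
        # Fixed-string search of every commit reachable from every ref.
        hits=$(git -C "$repo" grep -l -F -e "$s" $(git -C "$repo" rev-list --all) 2>/dev/null | head -n 3)
        if [ -n "$hits" ]; then
            echo "STILL PRESENT: $s"
            echo "$hits" | sed 's/^/  /'
            found=1
        fi
    done < "$tmp"
    rm -f "$tmp"
    return "$found"
}

# Usage: verify_scrubbed reponame.git passwords.txt
```

Run it from the directory that holds the mirror clone; a non-zero exit means the rewrite missed something and the push should not go ahead.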
If any sensitive data was included in a PR, you will need to open a ticket with GitHub asking them to remove the PR data from their end.
More information can be found here: Removing sensitive data from a repository - GitHub Docs
This post is licensed under CC BY 4.0 by the author.