Securing Your GitHub Repository: Safely Removing Files and Sensitive Information from Revision History
Consider the following scenario: during a GitHub commit, sensitive data is accidentally pushed to the repository. To rectify this, it’s crucial to remove the files both locally and from the repository history. Let’s first explore how to identify inadvertent commits of sensitive data.
Checking for Sensitive Data with Gitleaks
First, install Gitleaks. With Homebrew, for example:
brew install gitleaks
After installation, navigate to the project’s root folder and execute the following command to identify and export any sensitive information:
gitleaks detect --report-path gitleaks-report.json
Removing Sensitive Files from Repository History
STEP 1: Clone the Repository Locally
Execute the following Git filter-branch command to remove the file (or folder) from every commit on every branch and tag:
git filter-branch --force --index-filter "git rm --cached --ignore-unmatch src/test/java/com/ishaileshmishra/io/Credentials.json" --prune-empty --tag-name-filter cat -- --all
Replace `src/test/java/com/ishaileshmishra/io/Credentials.json` with the path of the file or folder you need to remove.
STEP 2: Force Push Changes to the Repository
git push origin --force --all
This force-pushes the rewritten history of every branch to the remote.
STEP 3: Force Push Tags
git push origin --force --tags
STEP 4: Verify Removal
Run Gitleaks again to confirm the sensitive data no longer appears anywhere in the history:
gitleaks detect --report-path gitleaks-report.json
These steps remove the sensitive data from both the local clone and the remote repository's history.
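As an added, self-contained demonstration (not code from the original article), the script below builds a throwaway repository with a constructed fake credentials file, runs the same filter-branch rewrite as STEP 1, removes the refs/original/ and reflog entries that filter-branch leaves behind, and then checks with git's own commands that no commit references the path or the key. The paths, commit messages and key value are all constructed for the demo.

```shell
#!/bin/sh
# Added demo (not from the article): build a throwaway repo with a constructed
# fake credentials file, purge it with git filter-branch exactly as in STEP 1,
# then verify with git's own commands that no trace of it remains.
set -eu
export FILTER_BRANCH_SQUELCH_WARNING=1   # skip filter-branch's deprecation pause

purge_demo() (                           # subshell body: cd and exit stay local
  cd "$(mktemp -d)"
  git init -q demo && cd demo
  git config user.email demo@example.com
  git config user.name demo
  mkdir -p src
  echo 'package main' > src/main.go
  echo '{"apiKey":"CONSTRUCTED-FAKE-KEY-123"}' > src/Credentials.json   # the leak
  git add . && git commit -qm "initial commit with leaked credentials"
  echo 'fmt.Println("hi")' >> src/main.go
  git commit -qam "second commit"
  git tag v1.0

  # STEP 1: rewrite every branch and tag so the file never existed
  git filter-branch --force --index-filter \
    "git rm --cached --ignore-unmatch src/Credentials.json" \
    --prune-empty --tag-name-filter cat -- --all >/dev/null 2>&1

  # filter-branch keeps the old commits reachable under refs/original/ and in the
  # reflog; delete those and garbage-collect so the blob is gone from .git too
  git for-each-ref --format='%(refname)' refs/original/ |
    while read -r ref; do git update-ref -d "$ref"; done
  git reflog expire --expire=now --all
  git gc --prune=now --quiet

  # STEP 4: no commit may still reference the path, and no tree may hold the key
  if git log --all --oneline -- src/Credentials.json | grep -q .; then
    echo "path still referenced in history"; exit 1
  fi
  if git rev-list --all | xargs git grep -q "CONSTRUCTED-FAKE-KEY" 2>/dev/null; then
    echo "secret still present in a commit"; exit 1
  fi
  # history is otherwise intact: both commits and the rewritten tag survive
  [ "$(git rev-list --count HEAD)" = "2" ] || exit 1
  git rev-parse -q --verify v1.0 >/dev/null || exit 1
  echo "purged"
)
```

Running `gitleaks detect` on the cleaned repository gives the same verification as the last two checks. Rewriting history does not revoke a credential that has already been pushed to a shared remote, so rotate it regardless of the scan result.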