Securing Your GitHub Repository: Safely Removing Files and Sensitive Information from Revision History

Shailesh Mishra
Jan 20, 2022

Consider the following scenario: during a GitHub commit, sensitive data is accidentally pushed to the repository. To rectify this, it’s crucial to remove the files both locally and from the repository history. Let’s first explore how to identify inadvertent commits of sensitive data.

Checking for Sensitive Data with Gitleaks

To begin, install Gitleaks. With Homebrew:

brew install gitleaks

After installation, navigate to the project’s root folder and execute the following command to identify and export any sensitive information:

gitleaks detect --report-path gitleaks-report.json

Removing Sensitive Files from Repository History

STEP 1: Clone the Repository Locally

In the local clone, run the following git filter-branch command from the repository root to remove the file or folder from every commit:

git filter-branch --force --index-filter "git rm --cached --ignore-unmatch src/test/java/com/ishaileshmishra/io/Credentials.json" --prune-empty --tag-name-filter cat -- --all

Replace the example path in the command (`src/test/java/com/ishaileshmishra/io/Credentials.json`) with the path of the file you need to remove.

STEP 2: Force Push Changes to the Repository

git push origin -f --all

This step pushes the changes to the repository.

STEP 3: Force Push Tags

git push origin -f --tags

STEP 4: Verify Removal

Run Gitleaks again to check whether the file is still present in the history:

gitleaks detect

These steps ensure the secure removal of sensitive data from both local and repository history.
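A local check to run alongside STEP 4, as an added example that is not part of the original article: it builds a throwaway repository, applies the same filter-branch command, and shows that the blob stays in the clone (via the `refs/original` backups and reflogs that filter-branch leaves behind) until those are purged. The function names, repository contents and token are constructed for illustration.

```shell
#!/bin/sh
# Added example; the repository, path and token below are constructed.

# Succeeds if any commit reachable from a branch or tag touches the path.
path_in_refs() {  # usage: path_in_refs REPO PATH
    [ -n "$(git -C "$1" log --branches --tags --format=%H -- "$2")" ]
}

# Succeeds if the object is still stored in the local object database.
object_exists() {  # usage: object_exists REPO SHA
    git -C "$1" cat-file -e "$2" 2>/dev/null
}

# Drop filter-branch's refs/original backups and the reflogs, then prune.
purge_local_copies() {  # usage: purge_local_copies REPO
    git -C "$1" for-each-ref --format='%(refname)' refs/original |
        while read -r ref; do git -C "$1" update-ref -d "$ref"; done
    git -C "$1" reflog expire --expire=now --all
    git -C "$1" gc --quiet --prune=now
}

# Build a throwaway repository with a committed secret and a tag.
make_demo_repo() {  # usage: make_demo_repo DIR
    git init --quiet "$1"
    git -C "$1" config user.email demo@example.invalid
    git -C "$1" config user.name Demo
    mkdir -p "$1/conf"
    echo '{"token":"CONSTRUCTED-SAMPLE"}' > "$1/conf/Credentials.json"
    echo hello > "$1/README"
    git -C "$1" add . && git -C "$1" commit --quiet -m "add files"
    git -C "$1" tag v1
}

# The article's filter-branch command, run inside REPO for PATH.
rewrite_history() {  # usage: rewrite_history REPO PATH
    ( cd "$1" && FILTER_BRANCH_SQUELCH_WARNING=1 git filter-branch --force \
        --index-filter "git rm --cached --ignore-unmatch '$2'" \
        --prune-empty --tag-name-filter cat -- --all ) >/dev/null 2>&1
}

repo=$(mktemp -d) && make_demo_repo "$repo"
blob=$(git -C "$repo" rev-parse HEAD:conf/Credentials.json)
rewrite_history "$repo" conf/Credentials.json
path_in_refs "$repo" conf/Credentials.json || echo "branches and tags: clean"
object_exists "$repo" "$blob" && echo "blob still stored locally"
purge_local_copies "$repo"
object_exists "$repo" "$blob" || echo "blob pruned from local clone"
rm -rf "$repo"
```

These checks cover only the local clone; the exposed credential should still be rotated, since other clones and forks keep the old commits.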
