How to remove extra sensitive information from git commits and history
Many times we unknowingly forget to remove sensitive information from files and directories before sending them to Git. Because Git is a version control system, it saves everything it is given. So if you add a password to a file, one which you can't really change in the future, Git will store the password forever. Even if you delete the password in the current HEAD, the information will stay in the history forever. This is how hackers can take down your system.

A similar thing happened to me when I launched JekLog (no longer available), which was a blog-creation platform using Jekyll and GitHub Pages. I recommend using Siteleaf instead. I was using the GitHub API for the web application. As the app was made using Django (a web development framework for Python), everything needed to be saved in the settings.py file. I accidentally committed the files and pushed them to GitHub Pages. The files contained the password of my Gmail account. Thanks to Google, which saved my account from being hacked by sending me an email about the suspicious activity. After a few days I found the damage done. I found the passwords written in my settings file. The damage was already done. I tried to find a solution. I found two solutions:
- BFG Repo-Cleaner
- git filter-branch

Here is the git filter-branch approach:

$ cd YOUR_GIT_REPO_PATH
$ git filter-branch --force --index-filter \
    'git rm --cached --ignore-unmatch PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA' \
    --prune-empty --tag-name-filter cat -- --all
$ git push origin --force --all

You have to take care of all the forks in the same way, too. From now on, guard against such accidents by adding such files to your .gitignore file. Alternatively, you can make use of environment variables.

Goodbye! Until the next time.
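
To check the filter-branch rewrite described above before force-pushing, this added example (not part of the original article) rehearses the same command in a throwaway repository with a constructed secret and counts the commits that still carry the file. It goes one step beyond the article by also clearing the refs/original backup refs and the reflog that filter-branch leaves in the local clone; the file contents and function names are assumptions made for the demo.

```shell
# Added example with constructed data: rehearse the filter-branch cleanup in a
# throwaway repository and check that the secret is really gone afterwards.
FILE=settings.py                                   # stand-in for the leaked file
SECRET='EMAIL_HOST_PASSWORD = "constructed-demo"'  # constructed, not a real secret

# Number of commits reachable from ANY ref (backup refs included) touching $2.
commits_touching() {
    git -C "$1" log --all --format=%H -- "$2" | wc -l | tr -d ' '
}

# Build a repo where the secret was committed and later "deleted" in HEAD.
make_leaky_repo() {
    r=$(mktemp -d) || return 1
    git -C "$r" init -q
    git -C "$r" config user.name demo
    git -C "$r" config user.email demo@example.invalid
    echo docs > "$r/README" && git -C "$r" add README && git -C "$r" commit -qm 'initial commit'
    echo "$SECRET" > "$r/$FILE"
    git -C "$r" add "$FILE" && git -C "$r" commit -qm 'add settings'
    echo '# password removed' > "$r/$FILE"
    git -C "$r" commit -qam 'remove password'
    echo "$r"
}

# The article's rewrite, run locally only (nothing is pushed).
rewrite_history() {
    ( cd "$1" && FILTER_BRANCH_SQUELCH_WARNING=1 git filter-branch --force \
        --index-filter "git rm --cached --ignore-unmatch $FILE" \
        --prune-empty --tag-name-filter cat -- --all ) >/dev/null 2>&1
}

# filter-branch keeps the old commits under refs/original and in the reflog;
# drop both and prune so the objects leave the local clone as well.
purge_old_objects() {
    git -C "$1" for-each-ref --format='delete %(refname)' refs/original |
        git -C "$1" update-ref --stdin
    git -C "$1" reflog expire --expire=now --all
    git -C "$1" gc --quiet --prune=now
}

repo=$(make_leaky_repo)
leaked=$(git -C "$repo" rev-parse HEAD~1)    # commit whose tree holds the secret
echo "before rewrite:      $(commits_touching "$repo" "$FILE") commits"
rewrite_history "$repo"
echo "after filter-branch: $(commits_touching "$repo" "$FILE") commits (via refs/original)"
purge_old_objects "$repo"
echo "after purge:         $(commits_touching "$repo" "$FILE") commits"
git -C "$repo" cat-file -e "$leaked" 2>/dev/null || echo "leaked commit object pruned"
rm -rf "$repo"
```

Rewriting history does not help if the secret was already copied while it was public, so also change the exposed password wherever that is possible.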