Accidentally committing sensitive information (e.g., passwords, API keys, or personal data) to a Git repository can have serious consequences. However, Git provides tools to remove sensitive data from the repository's history. Below, we explain the steps to address this issue and provide examples.

1. Remove Sensitive Information from the Latest Commit

If the sensitive information was committed in the latest commit and has not been pushed to a remote repository, you can amend the commit to remove the data.

Steps to Amend the Latest Commit

  1. Remove the sensitive information: Edit the file(s) to remove the sensitive data.
  2. Stage the changes: Add the modified file(s) to the staging area.

     git add sensitive-file.txt

  3. Amend the commit: Use git commit --amend to update the latest commit.

     git commit --amend

2. Remove Sensitive Information from Past Commits

If the sensitive information was committed in past commits or has already been pushed to a remote repository, you need to rewrite the repository's history to remove the data. Tools like git filter-repo or BFG Repo-Cleaner can help with this. Rewriting removes the data from the repository itself, not from clones, forks or caches that already fetched it, so treat any exposed credential as compromised regardless (see step 3 below). After the rewrite is pushed, every collaborator must re-clone or rebase onto the new history; a merge from an old clone would reintroduce the data.

Steps to Remove Sensitive Information Using git filter-repo

  1. Install git filter-repo: Download and install git filter-repo from github.com/newren/git-filter-repo.
  2. Run git filter-repo: Use git filter-repo to remove the sensitive information. Run it in a fresh clone; it refuses to rewrite anything but a fresh clone unless you pass --force.

     git filter-repo --invert-paths --path sensitive-file.txt

  3. Force push the changes: Push the rewritten history to the remote repository. git filter-repo removes the origin remote after rewriting so the result cannot be pushed by accident; re-add it first with git remote add origin <url>.

     git push origin --force --all
     git push origin --force --tags

Steps to Remove Sensitive Information Using BFG Repo-Cleaner

  1. Download BFG Repo-Cleaner: Download the latest version from rtyley.github.io/bfg-repo-cleaner.
  2. Run BFG Repo-Cleaner: Use BFG to remove the sensitive information. BFG leaves the current HEAD commit untouched by default, so delete the file and commit that deletion first, then run BFG against a mirror clone (git clone --mirror) of the repository.

     java -jar bfg.jar --delete-files sensitive-file.txt

  3. Clean up the repository: Use Git's garbage collection to remove the old commits.

     git reflog expire --expire=now --all
     git gc --prune=now --aggressive

  4. Force push the changes: Push the rewritten history to the remote repository.

     git push origin --force --all
     git push origin --force --tags

3. Rotate Compromised Credentials

If sensitive credentials (e.g., passwords or API keys) were exposed, rotate them immediately to prevent unauthorized access.

Example of Rotating Credentials

  # Generate a new API key. This applies where your own application issues the key;
  # for a third-party service, create the replacement there and revoke the old key.
  new_api_key=$(openssl rand -hex 32)

  # Update the application with the new API key (keep .env out of version control)
  echo "API_KEY=$new_api_key" > .env

4. Prevent Future Accidents

To avoid committing sensitive information in the future, use a .gitignore file to exclude sensitive files and consider using tools like pre-commit to run checks before commits. Additionally, educate your team about best practices for handling sensitive data.

Example of a .gitignore File

  # Ignore environment files
  .env
  # Ignore API keys
  api_keys.json
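The checks before commits mentioned above can be a small hook that scans the staged diff. The following is an added example of such a check, not code from the original article: it flags added lines that carry an AWS-shaped access key ID or a high-entropy value assigned to a name such as api_key or password, and when run as a pre-commit hook it refuses the commit on any finding. The rule set, the entropy threshold of 3.5 bits per character and the sample diff are this example's own constructed choices.

```python
import math
import re
import subprocess

# AKIA + 16 uppercase alphanumerics is the documented AWS access-key-ID shape; the other rule is generic.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "assigned_secret": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|password|token)\b\s*[=:]\s*['\"]?([A-Za-z0-9_\-/+=]{16,})"),
}

def shannon_entropy(s):
    """Bits per character: random hex is near 4.0, English-like text well under 3.5."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan_diff(diff_text, min_entropy=3.5):
    """Return (path, new-file line number, rule) for each added line that looks like a secret."""
    findings, path, line_no = [], None, 0
    for raw in diff_text.splitlines():  # unified diff, e.g. `git diff --cached -U0` output
        if raw.startswith("+++ "):
            path = raw[6:] if raw.startswith("+++ b/") else raw[4:]
        elif raw.startswith("@@"):
            # "@@ -a,b +c,d @@": c is the first new-file line number of this hunk
            line_no = int(re.match(r"@@ -\S+ \+(\d+)", raw).group(1))
        elif raw.startswith("+"):
            for rule, rx in PATTERNS.items():
                m = rx.search(raw[1:])
                # assignment rule: the value must also be high-entropy, so placeholders pass
                if m and not (rule == "assigned_secret"
                              and shannon_entropy(m.group(1)) < min_entropy):
                    findings.append((path, line_no, rule))
            line_no += 1
        elif not raw.startswith(("-", "\\")):
            line_no += 1  # unchanged context line ("\ No newline ..." is not a line)
    return findings

# Constructed staged diff (trimmed to the lines the parser reads): real-looking key,
# placeholder password, and a constructed key ID in the AWS shape.
SAMPLE_DIFF = """\
+++ b/config.ini
@@ -0,0 +1,3 @@
+api_key = 3f9a0c7e1b5d2846d71e4b0f8a3c69525c2a8e0d9f1b3746b6e3f05d7a9c1284
+password = changeme_changeme
+aws_key_id = AKIAEXAMPLE000000001
"""

if __name__ == "__main__":  # as a pre-commit hook: report findings and block the commit
    hits = scan_diff(subprocess.check_output(["git", "diff", "--cached", "-U0"], text=True))
    for path, line_no, rule in hits:
        print(f"{path}:{line_no}: possible secret ({rule})")
    raise SystemExit(1 if hits else 0)
```

Installed as .git/hooks/pre-commit (or via the pre-commit framework), the script exits 1 on a hit, which makes git abort the commit; the placeholder password line is deliberately not reported.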

Conclusion

Committing sensitive information can lead to serious security risks. By following the steps outlined above, you can effectively remove sensitive data from your Git history and mitigate potential damage. Always remember to rotate any exposed credentials and implement preventive measures to avoid future incidents.