What if you found the secrets were published in the codes of github repository?
How to remove it entirely?
Below processes will do :
1. Remove the file containing secrets from all commits and branches in repository
1 | git filter-branch --force --index-filter \ |
Run this command to rewrite the commit history of the repository, removing any references to the given file. It’s important to note that this command can be destructive, so make sure you understand what it does before using it.
git filter-branch: Used to rewrite the Git revision history.
–force: Overrides some safety checks.
–index-filter: Specifies a filter that modifies the index, or staging area, of each commit. In this case, the filter is “git rm –cached –ignore-unmatch
“. “git rm –cached –ignore-unmatch
“ : Removes the specified file from the index, but not from the working tree. The –ignore-unmatch option prevents the command from failing if the file is not present in a particular commit.–prune-empty: Removes any empty commits that may be created as a result of removing the file.
–tag-name-filter cat: Specifies how to handle tags. In this case, it specifies that tags should be rewritten to point to the same commit as before.
– –all: Specifies that all branches and tags should be rewritten.
2. Update the .gitignore file
add the file containing secrets into .gitignore
then don’t forget to clean the cache with
1 | git rm --cached "path to the file" |
3. Push to Origin
1 | git push --alll --force |
Done!