Accidental commits can be tricky to remove with Git. In this GitHub Skills course, you'll use BFG Repo-Cleaner to change the history of a Git repository. You can apply what you learn in this course to fully remove sensitive material from your own repository.
Welcome to "Change commit history"! 👋
We'll start by working with .env files. These files usually contain sensitive content. For this course, we'll work on removing that file and all traces in the Git history. The first step is to remove the file from repository. We'll alter the history later.
We'll assume you're using the command line, but you can complete the course using your preferred tooling.
What is sensitive content? Sensitive content is anything that is checked into your repository history that may put you or your organization at risk. This content usually comes in the form of credentials (i.e., passwords, access keys). The best practice for accidentally exposed sensitive content is to invalidate it (i.e., revoke a personal access token), completely remove it from all repository copies, and take measures to prevent future exposure.
See Deleting a file on GitHub Docs if you need additional help removing a file.
- Open your terminal of choice, clone this repository, and switch to your repository directory.
git clone <your-repository-url> cd <your-repository-name>
- Delete
.envfrom the root directory.git rm .env
- Commit the removal of
.env.git commit -m "remove .env file" - Push the removal to GitHub:
git push
- Wait about 20 seconds then refresh this page (the one you're following instructions from). GitHub Actions will automatically update to the next step.
Get help: Post in our discussion board • Review the GitHub status page
© 2024 GitHub • Code of Conduct • MIT License