DEV Community

Cover image for How to remove your secrets from your Git repository?
Brice Friha
Brice Friha

Posted on

How to remove your secrets from your Git repository?

#git #programming #security

[you can skip the intro and copy the command line directly, I'm just pretending being a writer here]

It happened once, at some point in my career, that someone in my team may or may not have pushed a settings file containing secrets to our remote repo (look at that dude, being vague, trying not to get his colleagues in trouble). When I discovered that, I was in panic mode. but then I've found a perfect solution that would erase this file from ever existing on the your repo.

Since I had to reuse this a couple of other times later (sometimes when I f-ed up myself) I thought it would be a good idea to document it... then 1565168 years has passed and here I am today...

How do one erase their cringiness of the past from their repository

This instruction aims at deleting a file containing a secret forever from a repo, if you hardcoded a secret to a file that you still need to your repo, I can't do anything for you... but also, Chat GPT might have told you to do it so I think you have bigger fish to fry

Let's checkout on to the branch that has this file (it's better if it's your master branch but you do whatever I'm not your dad):
git checkout main

If you are to afraid of making a mess, that's fair, you can even create a branch from this branch:
git checkout -B main/imayfckup

After this, let's remove that config file:
git filter-branch --force --index-filter "git rm --cached --ignore-unmatch /path/to/my/onlyfans/credentials.json" --prune-empty --tag-name-filter cat -- --all

replace the path with your own when you copy/paste, please don't be this person (aka me when I 'read' docs)
It's gonna take a long time, surely enough time to go in the corner and think about what you've done.

Now, come back to your desk, and let's add the file to your .gitignore file:
echo "/path/to/my/onlyfans/credentials.json" >> .gitignore

we stage:
git add .gitignore

We commit:
git commit -M "my mommy will never find out"

To end with, let' do something ugly and push force the crap out of the changes (forgive me father for all my sins)
git push origin --force --all

and that's it.
NOW:
it's very important you rebase all the branches that depend on this branch. Not merge I said rebase, otherwise this file will comeback to hunt you, like the Grammarly subscription I forgot to cancel months ago

Conclusion

... Just kidding!
there is no point writing conclusion it's a tutorial not an essay.

That's all, have a nice day!

Top comments (0)

Read next

quentez profile image

BAQ: The federated app platform

Quentin Calvez -

pvsdev profile image

Time to refactor legacy with OOP

Alexandra Kochetkova -

umairqa profile image

Git Deep Dive: Understanding the Magic Behind Its Internals

Umair QA -

bizmavenhub profile image

5 Amazing APIs That You Should Use In Your Project

Biz Maven -