DEV Community: Raghunathan R The latest articles on DEV Community by Raghunathan R (@raghunathan_r). https://dev.to/raghunathan_r https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F536770%2Fa52ee774-c59c-46d4-a805-29263298ba01.png DEV Community: Raghunathan R https://dev.to/raghunathan_r en How to remove a sensitive file from GitHub Raghunathan R Fri, 29 Jan 2021 13:48:23 +0000 https://dev.to/raghunathan_r/how-to-remove-a-sensitive-file-from-github-1o64 https://dev.to/raghunathan_r/how-to-remove-a-sensitive-file-from-github-1o64 <p>Yes! this has happened to most of the people, especially when we are just starting. We accidentally commit sensitive data to GitHub. We forget to gitignore our config file containing database passwords or API keys or jwt secrets. And we immediately start to panic.</p> <p>This happened to me a couple of days ago. I forgot to ignore my default JSON file that contained my database connection password and jwt secret. I had just gotten a feature to finally work and in the excitement, I immediately committed and pushed to GitHub. I only realized my error when I got a notification from GitGuardian that my latest commit contained secret keys.</p> <p>If you find yourself in the same position, the first thing you do is change the visibility of the repo. So, if it's a public repo, make it private. This way, you're sure no one else sees the file while you're working on deleting it.</p> <p>Next thing, if you aren't already in the project folder, cd into it on git bash or whatever terminal you are using. Let's assume my project folder is My-Project and I have a file named secretFile.json I want to delete.</p> <p><code>cd My-Project</code></p> <p>then run the following command. You have to include the path to the file and not just the file name.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>git filter-branch --force --index-filter \ "git rm --cached --ignore-unmatch config/secretFile.json" \ --prune-empty --tag-name-filter cat -- --all </code></pre> </div> <p>replacing config/secretFile.json with the path to the file you want to be removed. In my case, secretFile.json is inside of a folder named config.</p> <p>Note: The command above deletes the file from your local repository too, so ensure you have copied the content to a notepad or whatever you use before running the command.</p> <p>Then create and add your file to .gitignore so you don't accidentally push it to GitHub again. You can do that with</p> <p><code>echo "name-of-your-file" &gt;&gt; .gitignore</code></p> <p><code>git add .gitignore</code></p> <p><code>git commit -m 'add file to .gitignore'</code></p> <p>Once you are satisfied with your changes, you can then push them to GitHub</p> <p><code>git push origin --force --all</code></p> <p>And that's it! Your repo history is clean without any trace of your sensitive file.</p> <p>Thanks for reading.</p> github codenewbie