May 20, 2024

Deleting sensitive data on Git

Oops, I did it. I committed sensitive API data to my own GitHub. All good, I learned how to remove it. How did I remove the commits and fix this issue?
  • First, change the API keys and passwords.
  • For convenience, temporarily copy the offending file into Notepad while you delete the file.
  • Use git-filter-repo to rewrite the history of commits.

Guide

I used the GitHub Docs to help me through the process. I'm working on Windows, so I used pip to install git-filter-repo:

pip install git-filter-repo --user

The guide advises you to have a fresh clone of your project, but I didn't have one, so I force-pushed the changes:

git filter-repo --invert-paths --path "src/folder/TheAffectedFile.jsx" --force

After this, I had to sync my local project with my remote GitHub repository:

git remote add origin https://github.com/OWNER/REPOSITORY.git

Finally, I could push the changes and the commit would be wiped!

git push origin --force --all

Conclusion

This wipes the file from your history. Hooray! But if you didn't save it temporarily then you might have a bad time trying to recreate it from memory.
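One way to confirm that the file and the key really are gone from every reachable commit, run locally after the rewrite and before the force push. This is an added example, not part of the original post; the function names are hypothetical and it uses only stock git commands (Git Bash on Windows works).

```shell
#!/bin/sh
# Added example: check that a path and a secret value no longer appear in
# any commit reachable from any ref of a local repository.

# path_in_history REPO PATH
# Succeeds (exit 0) if at least one commit on any ref touched PATH.
path_in_history() {
    [ -n "$(git -C "$1" log --all --format=%H -- "$2")" ]
}

# secret_in_history REPO STRING
# Succeeds (exit 0) if at least one commit added or removed STRING
# (git's "pickaxe" search over the diffs of every ref).
secret_in_history() {
    [ -n "$(git -C "$1" log --all --format=%H -S"$2")" ]
}

# check_clean REPO PATH STRING
# Succeeds only when neither the path nor the secret value is found.
check_clean() {
    if path_in_history "$1" "$2"; then
        echo "FAIL: $2 still appears in history" >&2
        return 1
    fi
    if secret_in_history "$1" "$3"; then
        echo "FAIL: secret value still appears in a diff" >&2
        return 1
    fi
    echo "OK: no trace of $2 or the secret in reachable history"
}

# Usage (path from the post; the key value is a placeholder):
#   check_clean . "src/folder/TheAffectedFile.jsx" "<old-api-key>"
```

A repository where the file was only deleted in a later commit fails both checks, because the earlier commit still carries the file and its contents.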