Deleting sensitive data on Git

Oops, I did it. I committed sensitive API data to my own Github. All good, I learned how to remove it. How did I remove the commits and fix this issue?

• First, change the API keys and passwords.
• For handiness, copy the offending file to a Notepad temporarily while you delete file.
• Use git-filter-repo to rewrite the history of commits.

Guide

I used the Github Docs to help me through the process. I'm working on Windows, so I used pipx to install git-filter-repo:

pipx install git-filter-repo

The guide advises you to have a fresh clone of your project but I didn't have one so I force pushed the changes:

git-filter-repo --sensitive-data-removal --invert-paths --path "src/folder/TheAffectedFile.jsx"

After this, I had to sync my local project with my remote Github repository and push the changes:

git push --force --mirror origin

Conclusion

This wipes the file from your history. Hooray! But if you didn't save it temporarily then you might have a bad time trying to recreate it from memory.