GNU/Linux Desktop Survival Guide
by Graham Williams
Git Remove all Traces of a File
20190509 You can not actually guarantee to remove all traces of any file you uploaded to a git repository unless it is a private repository to which only you have access. For public repositories someone may have already downloaded the files or cloned the repository, or forked your repository. However, if you are quick enough you can limit the risk. The typical use case is when you have accidentally uploaded a file containing secret information, such as a password. After removing the file from you git repository it is still a good idea to change the exposed password.
Here we demonstrate the removal of all traces of a file named
test/private.py from git repository.
$ git rm test/private.py $ git commit -m "Permanently remove this file." $ git push $ git filter-branch --force --index-filter \ 'git rm --cached --ignore-unmatch test/private.py' \ --prune-empty --tag-name-filter cat -- --all Rewrite 51c5....a070 (143/204) (...) rm 'test/private.py' Rewrite caf4....9d47 (143/204) (...) rm 'test/private.py' [...] $ git push --all --force
The filter-branch command effectively finds all commits that include the file to remove, then removes the file. The prepartory three commands (rm, commit, push) may not be necessary.
After this process all traces of the contents of test/private.py are removed from the repository.