84.28 Git Remove all Traces of a File

20190509 You can not actually guarantee to remove all traces of any file you uploaded to a git repository unless it is a private repository to which only you have access. For public repositories someone may have already downloaded the files or cloned the repository, or forked your repository. However, if you are quick enough you can limit the risk. The typical use case is when you have accidentally uploaded a file containing secret information, such as a password. After removing the file from you git repository it is still a good idea to change the exposed password.

Here we demonstrate the removal of all traces of a file named test/private.py from a git repository.

$ git rm test/private.py
$ git commit -m "Permanently remove this file."
$ git push
$ git filter-branch --force --index-filter \
  'git rm --cached --ignore-unmatch test/private.py' \
  --prune-empty --tag-name-filter cat -- --all

Rewrite 51c5....a070 (143/204) (...)    rm 'test/private.py'
Rewrite caf4....9d47 (143/204) (...)    rm 'test/private.py'

$ git push --all --force

The filter-branch command effectively finds all commits that include the file to remove, then removes the file. The prepartory three commands (rm, commit, push) may not be necessary.

After this process all traces of the contents of test/private.py are removed from the repository.

Your donation will support ongoing development and give you access to the PDF version of this book. Desktop Survival Guides include Data Science, GNU/Linux, and MLHub. Books available on Amazon include Data Mining with Rattle and Essentials of Data Science. Popular open source software includes rattle, wajig, and mlhub. Hosted by Togaware, a pioneer of free and open source software since 1984. Copyright © 1995-2021 Graham.Williams@togaware.com Creative Commons Attribution-ShareAlike 4.0.