Written by James McDonald

November 19, 2019

If you follow the faqs on github it will say you can use bfg to remove sensitive data https://help.github.com/en/github/authenticating-to-github/removing-sensitive-data-from-a-repository

Here are my learnings

bfg has to be run from the root of the git repository

i.e. you can’t cd into the directory with the sensitive file and then run the following to specify the exact file to delete

bfg --delete-files ./YOUR-FILE-WITH-SENSITIVE-DATA

So you need to get a list of the files to delete first and then pass the filenames to bfg at the top level of the repo and also without any path information

Watch out for duplicate filenames!

Because of the above if the filename exists elsewhere in the repository it will remove all files with that name from history.

bfg --delete-files addMeetingMockStore.js
bfg --delete-files asyncActionsMockStore.js
bfg --delete-files loadMeetingPartsToCake.js
bfg --delete-files meetingPartsById.js
bfg --delete-files stateWithMeetingNotes.js

The above will scan the repo for any files with the above name and remove the history of them all as if they never existed… except:

bfg will not remove the files from the current commit

You will get notification that a file name is in a protected commit. So you need to do a git rm filename and manually commit the file delete because bfg will not remove a file from the current HEAD

Once you have run bfg and followed it’s recommendation to run git reflog…

BFG run is complete! When ready, run: git reflog expire --expire=now --all && git gc --prune=now --aggressive

When you go to push the results back to github it will be rejected because the histories now are not common (because an entire file or files have been removed from the repo) and you need to force it

git push -f origin master

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Squarespace Image Export

To gain continued access to your Squarespace website images after cancelling your subscription you have several...

MySQL 8.x GRANT ALL STATEMENT

-- CREATE CREATE USER 'tgnrestoreuser'@'localhost' IDENTIFIED BY 'AppleSauceLoveBird2024'; GRANT ALL PRIVILEGES ON...

Exetel Opt-Out of CGNAT

If your port forwards and inbound and/or outbound site-to-site VPN's have failed when switching to Exetel due to their...