I have uploaded my project on GitHub public repo. But one of the files contains my password information. And there are several commits I have made already. How can I hide my password right from the initial commit?
There is no separate file for a password. So I can't use .gitignore in this case. A password is hardcoded in the app.py file which handles the main logic of the application. So, I can't use BFG Repo-Cleaner. Is it possible to delete the file and add a new one by overwriting the previous commit?
I have made the changes in the file and pushed in a repo. But still, previous commits shows my password information. Also, I am not interested in creating a new repo and deleting the old one(unless I have no other choice).
I would be glad if I get some help.
Thanks in advance.
GitHub has an article for exactly this. Check it out here. To sum up the article: you can use either the git filter-branch
command or the BFG Repo-Cleaner. BFG Repo-Cleaner is easier and faster to use, so I use that. To use BFG Repo-Cleaner follow these steps:
brew install bfg
--mirror
flag:git clone --mirror git://example.com/some-big-repo.git
if using SSH or
git clone --mirror https://example.com/some-big-repo.git
if using HTTPS.
This is a bare repository so you won't be able to see your files but it will be a full copy of your repository with all commits.
java -jar bfg.jar --delete-files [FILE NAME] --no-blob-protection my-repo.git
or if installed to the PATH
bfg --delete-files [FILE NAME] --no-blob-protection my-repo.git
or to delete a password from an old commit
bfg --replace-text passwords.txt
git reflog expire --expire=now --all && git gc --prune=now --aggressive
and then
git gc
to strip out unwanted data that you don't want to push back up to your repo.
git push
- note that, because you used the --mirror
flag when cloning your repo, when you push back to your repo, you will also push back reference changes.To read up more about BFG Repo-Cleaner, visit this link.
This is a comment (a good one, never mind). Answers should never be link-only. See why-do-i-need-50-reputation-to-comment-what-can-i-do-instead An answer should be valid even if the link goes down.
Thank you for editing and responding to feedback your answer is much more acceptable for this site, and suits the Q&A format. :)
Thank you, Patrick. I appreciate your efforts. I have to read this in detail. But I need that file which has password. Because that file handles main logic of my application. So I can't delete that file.
Hi Akshay C. I answered the question and here's a link to an answer which answers your question. stackoverflow.com/a/2397905
@PritamSangani Thank you so much for the detailed information on BFG Repo-Cleaner. But in this case, it won't be useful for me, because the password is saved in the same file which handles the main logic for the app. So I cannot delete this file. Is there a way to delete the file and upload a new one by overwriting the previous commit?