Remove Sensitive Data and Commits from Git History with BFG Repo-Cleaner

Earlier today, I accidentally committed a sensitive data of a project I was working on to a public Github repository.

To remove every trace of that data on Github, I had to remove all history of the file that contained the said data.

In this succinct article, I will show us how to remove or delete all Git history of a file on Github using BFG Repo-Cleaner

Note: BFG Repo-Cleaner do not clean-up the latest commit and assume it is the good one that doesn’t contain the sensitive data.

The instruction below is also applicable to other Git hosting services such as Bitbucket or a privately own Git server.

We assume your Git repo is at https://github.com/w3guy/app.git.

Firstly, head over to rtyley.github.io/bfg-repo-cleaner and download BFG Repo-Cleaner by clicking the Download .jar file button at the fight-sidebar.

Create a new directory where the below shebang will take place.

Copy the .jar file you downloaded and rename to bfg.jar

Open your terminal, cd into the created folder and clone a fresh copy of your repo, using the --mirror flag:

Instruct BFG Repo-Cleaner to remove for example, all config.php files history from the repository leaving the current.

An app.git folder will be created.

CD into the folder.

And run the command below.

Finally, push the changes to GitHub.

The End.