I have uploaded my project on GitHub public repo. But one of the files contains my password information. And there are several commits I have made already. How can I hide my password right from the initial commit?
There is no separate file for a password. So I can't use .gitignore in this case. A password is hardcoded in the app.py file which handles the main logic of the application. So, I can't use BFG Repo-Cleaner. Is it possible to delete the file and add a new one by overwriting the previous commit?
I have made the changes in the file and pushed in a repo. But still, previous commits shows my password information. Also, I am not interested in creating a new repo and deleting the old one(unless I have no other choice).
I would be glad if I get some help.
Thanks in advance.
GitHub has an article for exactly this. Check it out here. To sum up the article: you can use either the git filter-branch command or the BFG Repo-Cleaner. BFG Repo-Cleaner is easier and faster to use, so I use that. To use BFG Repo-Cleaner follow these steps:
brew install bfg--mirror flag:git clone --mirror git://example.com/some-big-repo.git
if using SSH or
git clone --mirror https://example.com/some-big-repo.git
if using HTTPS.
This is a bare repository so you won't be able to see your files but it will be a full copy of your repository with all commits.
java -jar bfg.jar --delete-files [FILE NAME] --no-blob-protection my-repo.git
or if installed to the PATH
bfg --delete-files [FILE NAME] --no-blob-protection my-repo.git
or to delete a password from an old commit
bfg --replace-text passwords.txt
git reflog expire --expire=now --all && git gc --prune=now --aggressive
and then
git gc
to strip out unwanted data that you don't want to push back up to your repo.
git push - note that, because you used the --mirror flag when cloning your repo, when you push back to your repo, you will also push back reference changes.To read up more about BFG Repo-Cleaner, visit this link.