git logo

How to nuke your Git(Hub) commit history?

2 min read.

Ah – this was a fun one. I needed to figure out how to purge, flush and clear your commit history on GitHub. Turns out it isn’t as easy as clicking a button in the web user interface – the world is apparently not ready yet! 😁 Luckily, it wasn’t that complicated either – and the steps should work for other flavors of git as well.

Background

Table of Contents

Always remember to .gitignore your secrets, folks! And if you forget, pray you’re not committing to a public repository! And even if it’s a private one, purge the history afterwards.

So, yeah – I messed up. After recycling the secret I ended up committing in error, I decided to cleanse the world of my mistake, and figure out how to destroy the history of my repository without actually removing the repository itself. And then I decided to publicize my mishap, so that maybe others will learn from it :)

On a side note, it’s lucky I’m using an old-fashioned version control like git, because if this was on blockchain, the process would’ve been far more complicated!

Solution

Let’s jump into it and nuke your secrets or embarrassing code comments from the commit history! 😁

Time needed: 30 minutes.

How to remove your Git commit history?

  1. Remove all of your local git history


    In Windows:
    cd myrepo
    rmdir /S .git



    In whatever cool operating system the youngsters now use:
    cd myrepo
    rm -rf .git

  2. Init a new repository

    Now that the existing history has been destroyed

    git init
    git add .

  3. .gitignore your files

    At this point, your repository is empty with plenty of code to commit. This time, make sure NOT to commit anything you don’t want everyone else to see!

  4. Re-commit your data

    Okay, now you’re ready to commit your actual files.

    That can be done somewhat like this:
    git commit -m "Removed history, due to sensitive data"

  5. Push to remote

    The following will actually

    git remote add origin github.com/username/myrepo
    git push -u --force origin master


And there you go! Let me know how it goes for you, and which secret you ended up committing by mistake! 😁

For your information, mine was a token used in my Home Assistant configuration – I had .gitignored the secrets.yaml file, but I hadn’t properly removed some of the files Home Assistant generates – and one of them contains plenty of credentials. What fun.

References

mm
0 0 votes
Article Rating
Subscribe
Notify of
guest
2 Comments
most voted
newest oldest
Inline Feedbacks
View all comments