This post was most recently updated on February 7th, 2022.
Ah – this was a fun one. I needed to figure out how to purge, flush and clear your commit history on GitHub. Turns out it isn’t as easy as clicking a button in the web user interface – the world is apparently not ready yet! 😁 Luckily, it wasn’t that complicated either – and the steps should work for other flavors of git as well.
Always remember to .gitignore your secrets, folks! And if you forget, pray you’re not committing to a public repository! And even if it’s a private one, purge the history afterward.
So, yeah – I messed up. After recycling the secret I ended up committing in error, I decided to cleanse the world of my mistake, and figure out how to destroy the history of my repository without actually removing the repository itself. And then I decided to publicize my mishap so that others might learn from it :)
On a side note, it’s lucky I’m using an old-fashioned version control like git, because if this was on blockchain, the process would’ve been far more complicated!
Let’s jump into it and nuke your secrets or embarrassing code comments from the commit history! 😁
Time needed: 30 minutes.
How to remove your Git commit history?
- Remove all of your local git history
rmdir /S .git
In whatever cool operating system the youngsters now use:
rm -rf .git
- Init a new repository
Now that the existing history has been destroyed
git init
- .gitignore your files
At this point, your repository is empty with plenty of code to commit. This time, make sure NOT to commit anything you don’t want everyone else to see!
- Re-commit your data
Okay, now you’re ready to commit your actual files.
That can be done somewhat like this:
git add .
git commit -m "Removed history, due to sensitive data"
- Push to remote
The following will actually
git remote add origin https://github.com/username/myrepo.git
git push -u --force origin master
And there you go! Let me know how it goes for you, and which secret you ended up committing by mistake! 😁
For your information, mine was a token used in my Home Assistant configuration – I had .gitignored the secrets.yaml file, but I hadn’t properly removed some of the files Home Assistant generates – and one of them contains plenty of credentials. What fun.
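An added example, not part of the original post: a check to run between `git add .` and `git commit` that searches the staged content for the leaked (already rotated) values, which catches the case described above where secrets.yaml was ignored but a generated file held the same credentials. The function names, the needle file kept outside the repository and the sample file names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the author's code). Run in the fresh repository
# after `git add .` and before `git commit`.

# staged_leaks REPO NEEDLES
#   NEEDLES: file listing the leaked, already rotated values, one per line,
#   stored outside the repository (assumption of this example).
#   Prints staged paths containing any value.
#   Returns 0 if clean, 1 if something leaks, 2 on bad arguments.
staged_leaks() {
    repo=$1 needles=$2
    [ -d "$repo/.git" ] && [ -s "$needles" ] || return 2
    # git -C changes directory first, so make the needle path absolute.
    case $needles in /*) ;; *) needles=$PWD/$needles ;; esac
    # --cached searches the index, i.e. exactly what the next commit will hold;
    # -F fixed strings, -l file names only, -f read patterns from a file.
    hits=$(git -C "$repo" grep --cached -l -F -f "$needles") || true
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# history_depth REPO: commits reachable from HEAD; 1 is expected after re-init.
history_depth() {
    git -C "$1" rev-list --count HEAD
}

# demo: constructed sample data reproducing the mistake from the post:
# secrets.yaml is ignored, but a generated file with the same token is not.
demo() {
    d=$(mktemp -d) || return 2
    printf 'CONSTRUCTED-TOKEN-123\n' > "$d/needles.txt"
    mkdir -p "$d/repo/generated"
    printf 'token: CONSTRUCTED-TOKEN-123\n' > "$d/repo/secrets.yaml"
    printf '{"auth":"CONSTRUCTED-TOKEN-123"}\n' > "$d/repo/generated/state.json"
    printf 'secrets.yaml\n' > "$d/repo/.gitignore"
    git -C "$d/repo" init -q && git -C "$d/repo" add .
    rc=0
    staged_leaks "$d/repo" "$d/needles.txt" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

If `staged_leaks` prints a path, add it to .gitignore and unstage it with `git rm --cached <path>` before committing.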