@pjirsa
Last active April 6, 2022 13:01
Remove secrets from Git history

Oh NO! I accidentally committed a secret value to GitHub

Here is the procedure that works best while being the least destructive:

  1. Open the repo using a new Codespace.
  2. Using the terminal, download the BFG tool.
cd ..
curl -L -o bfg.jar https://repo1.maven.org/maven2/com/madgag/bfg/1.14.0/bfg-1.14.0.jar
  3. IMPORTANT: Clone a mirror of the repo (the git database only) so we don't mess with any local files.
git clone --mirror https://github.com/orgname/repo
  4. Create a search file (secret.txt, used in the next step) containing the secret values to replace, one per line.
secretvalue==>replacementvalue
  5. Run the BFG replace text command on the mirrored repo.
java -jar bfg.jar -rt secret.txt path-to-repo.git
  6. Now switch to the mirrored repo directory and clean up the reflogs.
git reflog expire --expire=now --all && git gc --prune=now --aggressive
  7. Finally, push the changes back to the remote.
git push

How to search for strings across all branches and commits

git log -S "secretvalue" --all --source
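
A check to run between the cleanup step and `git push`, as an added example that is not part of the original gist: it reads the same `secret.txt` replacement file and uses the `git log -S ... --all` search above to confirm that none of the listed values remain in any commit. The function name `remaining_secrets` is hypothetical, and it assumes every line of the file is a literal `secret==>replacement` pair.

```shell
# remaining_secrets REPO_DIR SECRETS_FILE   (hypothetical helper, not part of BFG or git)
# Reads a BFG replacement file (literal "secret==>replacement" lines) and
# searches every commit on every ref for each secret with `git log -S`.
# Reports by line number so the secret itself is never echoed to the terminal.
# Returns 0 if history is clean, 1 if any secret remains, 2 if git fails.
remaining_secrets() {
    repo=$1
    secrets_file=$2
    found=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Keep only the text before "==>"; a line without "==>" is the secret itself
        secret=${line%%==>*}
        [ -n "$secret" ] || continue
        # Pickaxe search: commits on any ref where the occurrence count changes
        commits=$(git -C "$repo" log --all --format=%h -S"$secret") || return 2
        if [ -n "$commits" ]; then
            count=$(printf '%s\n' "$commits" | wc -l | tr -d ' ')
            echo "line $lineno: still present in $count commit(s)"
            found=1
        fi
    done < "$secrets_file"
    return "$found"
}

# Usage, from the directory holding bfg.jar and secret.txt, before `git push`:
#   remaining_secrets path-to-repo.git secret.txt && echo "history is clean"
```

A clean result only covers the refs in this repository; forks, existing clones and cached views keep the old commits, so the exposed value should still be revoked and reissued.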
