Subscribe

Removing a .env file from Git history

✍️

How to remove a file from git history altogether

10 Nov, 2021 · 2 min read

I'm sure this happens to everyone sometimes. You accidentally pushed a file with secrets or a password that shouldn't have gotten into the Git history.

In the following example, I "accidentally" pushed my .env file to Git simply because I forgot to add it to me .gitignore file.

Removing a secret file from Git history

Note: If you accidentally pushed secret keys to a repo, you should always revoke them and generate fresh keys!

Removing the file right away permalink

The best thing to do now is to remove the file right away and add it to your .gitignore file.

In my case, I added the following to the .gitignore.

# Secret file
.env

Let's try and push that to see what happens.

Gitignore doesn't work on existing files

Yep, the .gitignore file doesn't untracked already committed changes. So how can we fix this now?

Removing a file from Git only permalink

You can remove a file from Git by running the following command.

git rm -r --cached .env

If we then push this change, you will see that the file is gone in GitHub.

Removing a file from Git

However, this didn't completely solve our issue. If we look at our Git history, we can still find the file and expose the secrets!

Exposing secrets through Git history

Completely remove a file from Git history permalink

To remove the file altogether, we can use the following command.

git filter-branch --index-filter "git rm -rf --cached --ignore-unmatch .env" HEAD

You will get some warnings about this messing up your history as this goes through your whole history and 100% removes its occurrence.

To push this, you have to run the following command.

git push --force

If we look at our history, we can still see the commits that include this .env file, but the content is empty.

Fully removed file in Git

Few, thanks for having our back Git!

You can find the repo it tried this in on GitHub.

Thank you for reading, and let's connect! permalink

Thank you for reading my blog. Feel free to subscribe to my email newsletter and connect on Facebook or Twitter

Spread the knowledge with fellow developers on Twitter
Tweet this tip
Powered by Webmentions - Learn more

Read next 📖

Step by step guide to minting your Git commit as an NFT

18 Jan, 2022 · 4 min read

Step by step guide to minting your Git commit as an NFT

GitHub basics: What are actions?

23 Nov, 2021 · 5 min read

GitHub basics: What are actions?

Join 1365 devs and subscribe to my newsletter