Using BFG Repo Cleaner tool to remove sensitive files from your git repo

xanderbuck edited this page Jun 15, 2016 · 2 revisions

BFG Repo Cleaner is a tool that allows you to remove sensitive files from your git repo history. BFG assumes that the last commit in your HEAD branch is clean, and thus protects the last commit from being touched by the tool. All other commits in your HEAD branch will be wiped of the sensitive file. It should be noted that the tool provides an option to not touch the last commit of other branches in addition to your HEAD branch. This is explained below in step 4.B

For branches other than the HEAD branch, all commits will be wiped of the sensitive file including the last commit, if no other branches are specified to have their last commit protected.

  1. Download BFG using the following command in terminal: brew install bfg

  2. Clone a fresh copy of your repo, using the --mirror flag.

    git clone --mirror git://example.com/some-big-repo.git

    The mirror flag allows you to make a full copy of the Git database without actually copying down the files of the repo.

  3. Change directory (cd) into the repo folder you just cloned.

  4. To delete a sensitive file from your git history BUT keep this file in the last commit of your HEAD branch see option A.

    To delete a sensitive file from your git history BUT keep this file in the last commit of your HEAD branch AS WELL AS other branches you want to specify, see option B

    A. Run the following command to delete the sensitive file from your git history BUT keep this file in the last commit of your HEAD branch:

    bfg --delete-files <fileName.extension> <git repo name>.git

    An example of using this command to delete a file named "HelloWorld.txt" in a repo called "BluePic.git" is as follows:

    bfg --delete-files HelloWorld.txt BluePic.git

    B. If you would like to keep this file in the last commit of other branches in addition to the HEAD branch you can use the following command:

    bfg --delete-files <fileName.extension> --protect-blobs-from <branch name>,<branch name> <git repo name>.git

    An example of using this command to delete a file named "HelloWorld.txt" but keep it in the last commit of branches named "Branch1" and "Branch2" (in addition to the HEAD branch) in a repo called "BluePic.git" is as follows:

    bfg --delete-files HelloWorld.txt --protect-blobs-from Branch1,Branch2 BluePic.git

  5. After completing either option A or B of step 4, change directory (cd) into your repo's git folder. It should be named as <repo name>.git

  6. Run the following command:

    git reflog expire --expire=now --all && git gc --prune=now --aggressive

    This command will strip out the unwanted dirty data, which Git will now recognise as surplus to requirements

  7. Run git push to push the changes to remote

Thats it.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.