CommandCross-platform

Curse Breaker

Remove Sensitive Data from Git History

Completely removes a file from your entire Git history. Essential for removing accidentally committed secrets, API keys, or sensitive data.

Primary Scroll (git filter-branch)

git filter-branch --force --index-filter "git rm --cached --ignore-unmatch PATH_TO_FILE" --prune-empty --tag-name-filter cat -- --all

Modern Alternative (BFG Repo-Cleaner)

bfg --delete-files PASSWORD.txt

Usage Notes

•Replace PATH_TO_FILE with the actual file path
•After running, force push: git push origin --force --all
•BFG is faster and simpler: brew install bfg
•All collaborators must re-clone after history rewrite
•Consider rotating any exposed credentials immediately

Warnings

Warning:This rewrites Git history - coordinate with your team first
Warning:Back up your repository before running
Warning:If data was pushed publicly, assume it's already compromised

Related Scroll Ideas

• Set up .gitignore for sensitive files
• Use git-secrets to prevent committing secrets
• Scan repos for leaked credentials with trufflehog

← Back to Developer Scrolls