The Easiest Way To Remove Checked In Credentials From A Git Repo
Using An Open Source Utility — BFG
Sometime you may get into a situation where someone might accidentally or unknowingly end up committing credentials, passwords, secrets, etc. in a git
repository. In one of my previous articles, I had talked about how to prevent committing secrets using pre-commit
hooks. Even by taking such precautions if the credentials get committed then there is no easy way to remove these credentials. If you just remove the credentials or the file itself and commit again, the credentials can be seen in the history easily.
There are other options like git-filter-branch
but you need real good git expertise to use it. In this article, we will be using an open-source utility that will help us achieve this.
Introduction to BFG
BFG is a repo cleaner, open-source utility. It is written in Scala. Apart from credentials clean up, it can also help us remove large blobs from the Git. You can download BFG JAR and it is ready to use —
wget https://repo1.maven.org/maven2/com/madgag/bfg/1.13.0/bfg-1.13.0.jarchmod +x bfg-1.13.0.jar