The Easiest Way To Remove Checked In Credentials From A Git Repo

Using An Open Source Utility — BFG

Tanmay Deshpande

--

Photo by Yancy Min on Unsplash

Sometime you may get into a situation where someone might accidentally or unknowingly end up committing credentials, passwords, secrets, etc. in a git repository. In one of my previous articles, I had talked about how to prevent committing secrets using pre-commit hooks. Even by taking such precautions if the credentials get committed then there is no easy way to remove these credentials. If you just remove the credentials or the file itself and commit again, the credentials can be seen in the history easily.

There are other options like git-filter-branch but you need real good git expertise to use it. In this article, we will be using an open-source utility that will help us achieve this.

Introduction to BFG

BFG is a repo cleaner, open-source utility. It is written in Scala. Apart from credentials clean up, it can also help us remove large blobs from the Git. You can download BFG JAR and it is ready to use —

wget https://repo1.maven.org/maven2/com/madgag/bfg/1.13.0/bfg-1.13.0.jarchmod +x bfg-1.13.0.jar

Clone Repo

--

--