如何从github历史记录中的文件中删除敏感数据 [英] How to remove sensitive data from a file in github history

问题描述

我正在使用共享的github存储库在项目上进行协作.因为我是个白痴，所以我提交并推送了一个脚本文件，其中包含不想共享的密码(是的，我可以更改密码，但是无论如何我都希望将其删除！).

I am using a shared github repository to collaborate on a project. Because i am an idiot, I committed and pushed a script file containing a password which I don't want to share (Yes, i can change the password, but I would like to remove it anyway!).

是否有任何方法可以从github的历史中还原提交，在本地删除密码，然后重新提交并推送更新的文件?我不想完全删除文件，并且我不希望丢失github上的提交历史记录.

Is there any way to revert the commits from github's history, remove the password locally and then recommit and push the updated files? I do not want to remove the file completely, and I would rather not lose the commit history on github.

(此问题 如何从git中完全删除文件存储库? 显示了如何删除敏感文件，但没有显示如何从文件中删除敏感数据，因此这不是重复的内容

(This question How can I completely remove a file from a git repository? shows how to remove a sensitive file, but not how to edit sensitive data from a file, so this is not a duplicate)

推荐答案

我建议使用新的替换了BFG和git filter-branch .

I would recommend to use the new git filter-repo, which replaces BFG and git filter-branch.

注意:如果在运行上述命令时收到以下错误消息:

Note: if you get the following error message when running the above-mentioned commands:

Error: need a version of `git` whose `diff-tree` command has the `--combined-all-paths` option`

这意味着您必须更新git .

it means you have to update git.

首先:执行一份本地存储库副本(一个新克隆)

First: do that one copy of your local repo (a new clone)

请参阅"

最后，您可以(如果您是该存储库中唯一的工作人员)进行git push --force

At the end, you can (if you are the only one working on that repository) do a git push --force

如果要修改文件内容，则可以基于文件中的表达式列表(每行一个)来进行修改.
例如，名为expressions.txt的文件包含:

If you want to modify file contents, you can do so based on a list of expressions in a file, one per line.
For example, with a file named expressions.txt containing:

p455w0rd
foo==>bar
glob:*666*==>
regex:\bdriver\b==>pilot
literal:MM/DD/YYYY=>YYYY-MM-DD
regex:([0-9]{2})/([0-9]{2})/([0-9]{4})==>\3-\1-\2

然后跑步

git filter-repo --replace-text expressions.txt

将通过并替换:

• p455w0rd和***REMOVED***，
• foo和bar，
• 任何包含666并带有空行
的行
• 带有pilot的driver单词(但如果前后带有字母，则不会；例如，驱动程序将保持不变)，
• 与YYYY-MM-DD和
相同的文本MM/DD/YYYY
• 将格式为MM/DD/YYYY的字符串与格式为YYYY-MM-DD的字符串相加.

• p455w0rd with ***REMOVED***,
• foo with bar,
• any line containing 666 with a blank line,
• the word driver with pilot (but not if it has letters before or after; e.g. drivers will be unmodified),
• the exact text MM/DD/YYYY with YYYY-MM-DD and
• date strings of the form MM/DD/YYYY with ones of the form YYYY-MM-DD.

这篇关于如何从github历史记录中的文件中删除敏感数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！