从Git历史记录中删除敏感文件及其提交 [英] Remove sensitive files and their commits from Git history
问题描述
我想在GitHub上放一个Git项目,但它包含某些带有敏感数据的文件(用户名和密码,例如capistrano的/config/deploy.rb)。
我知道我可以将这些文件名添加到 .gitignore ,但这不会在Git中删除它们的历史记录。
我也不会希望通过删除/.git目录重新开始。
有没有办法在你的Git中删除所有特定文件的踪迹历史?
出于所有实际目的,您应该担心的第一个 是改变你的密码!从你的问题中不清楚你的git仓库是完全本地的还是你在其他地方有一个远程仓库;如果它是远程的并且没有从其他人那里获得保护,那么你有问题如果有人在解决此问题之前克隆了该存储库,则他们将在其本地计算机上拥有密码的副本,并且无法强制他们更新到历史记录中的固定版本。您可以做的唯一安全的事情就是将您的密码更改为您使用过的任何地方。
的方式,这里是如何解决它。 GitHub正是以常见问题的答案回答:
Windows用户注意:在此命令中使用双引号()而不是单数
git filter-branch --index-filter \
'git update-index --remove filename'< introduction-revision- sha1> .. HEAD
git push --force --verbose --dry-run
git push --force
请记住,一旦您将此代码推送到远程存储库(如GitHub),并且其他人已经克隆了该远程存储库,则您现在处于重写历史记录的情况。其他人尝试在此之后拉下最新的更改,他们会收到一条消息,指出更改无法应用,因为它不是快进。
要解决这个问题,他们将不得不删除他们现有的存储然后重新克隆它,或者按照 git-rebase中的从上游重新启动中的说明进行操作 未来,如果您意外地对敏感信息进行了某些更改,但您注意到之前推送到远程存储库,有一些更简单的修复。如果您最后一次提交是添加敏感信息的提交,那么您可以简单地删除敏感信息,然后运行: 这将修改您之前做出的任何新更改,包括使用 打开一个编辑器,其中包含您自上次共同祖先以来所做的提交与远程存储库。在代表提交敏感信息的任何行上将pick更改为edit,然后保存并退出。 Git将逐步完成这些更改,并将您留在一个可以执行的地方: 每次更改敏感信息。最终,您最终会回到您的分支,并且您可以安全地推送新的更改。 I would like to put a Git project on GitHub but it contains certain files with sensitive data (usernames and passwords, like /config/deploy.rb for capistrano). I know I can add these filenames to .gitignore, but this would not remove their history within Git. I also don't want to start over again by deleting the /.git directory. Is there a way to remove all traces of a particular file in your Git history? For all practical purposes, the first thing you should be worried about is CHANGING YOUR PASSWORDS! It's not clear from your question whether your git repository is entirely local or whether you have a remote repository elsewhere yet; if it is remote and not secured from others you have a problem. If anyone has cloned that repository before you fix this, they'll have a copy of your passwords on their local machine, and there's no way you can force them to update to your "fixed" version with it gone from history. The only safe thing you can do is change your password to something else everywhere you've used it. With that out of the way, here's how to fix it. GitHub answered exactly that question as an FAQ: Note for Windows users: use double quotes (") instead of singles in this command
Keep in mind that once you've pushed this code to a remote repository like GitHub and others have cloned that remote repository, you're now in a situation where you're rewriting history. When others try pull down your latest changes after this, they'll get a message indicating that the the changes can't be applied because it's not a fast-forward. To fix this, they'll have to either delete their existing repository and re-clone it, or follow the instructions under "RECOVERING FROM UPSTREAM REBASE" in the git-rebase manpage. In the future, if you accidentally commit some changes with sensitive information but you notice before pushing to a remote repository, there are some easier fixes. If you last commit is the one to add the sensitive information, you can simply remove the sensitive information, then run: That will amend the previous commit with any new changes you've made, including entire file removals done with a That opens an editor with the commits you've made since your last common ancestor with the remote repository. Change "pick" to "edit" on any lines representing a commit with sensitive information, and save and quit. Git will walk through the changes, and leave you at a spot where you can: For each change with sensitive information. Eventually, you'll end up back on your branch, and you can safely push the new changes. 这篇关于从Git历史记录中删除敏感文件及其提交的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
git commit -a --amend
git rm 完成整个文件移除。如果这些更改进一步回溯到历史记录中,但仍未推送到远程存储库,则可以执行交互式重新分配:
git rebase -i origin / master
$ EDITOR文件到修复程序
git commit -a --amend
git rebase --continue
git filter-branch --index-filter \
'git update-index --remove filename' <introduction-revision-sha1>..HEAD
git push --force --verbose --dry-run
git push --force
git commit -a --amend
git rm. If the changes are further back in history but still not pushed to a remote repository, you can do an interactive rebase:git rebase -i origin/master
$EDITOR file-to-fix
git commit -a --amend
git rebase --continue
