如何正确删除推送到Git仓库的敏感数据？ [英] How do I properly remove sensitive data pushed to a Git repo?

问题描述

一旦我意识到密码存在，我就添加了一个包含密码的文件将文件保存到 .gitignore 并执行 git rm -r --cached< filename> ，提交并推送到repo。

我现在意识到密码仍然存在于历史记录中 - 删除它的最佳方法是什么？

我阅读了删除敏感数据在Github上建议你修改密码 - 我已经这样做了 - 但我想删除历史记录。 解决方案

既然您自提交包含明文密码后已经提交了5次提交，最好的办法是在本地分支上以交互模式执行 git rebase -i 。找到添加了明文密码的提交的SHA-1，然后输入以下内容：

  git rebase --interactive dba507c ^ 
  

其中 dba507c 是前7个

改变这一点：

 选择包含明文密码的提交的dba507c注释
  

对此：

 编辑dba507c我已经删除了明文密码
  

对密码文件进行更改以删除明文，然后像这样提交结果：

  git commit --all --amend --no-edit 
 git rebase --continue 
  

  git push -f origin your_branch $ b>完成rebase，然后将您的（正确的）本地分支推送到远程： $ b  

您需要强制推送 your_branch becau你是否重写了历史记录（通过修改密码文件）。现在你有所有最新的提交，但你已经删除了明文。

I pushed a file containing a password to my repo by mistake - FYI the repo is just a small personal project.

Once I realised the password was present I added the file to .gitignore and executed git rm -r --cached <filename>, committed and pushed to the repo.

I now realise the password is still present in the history - what is the best way to remove it?

I read the Remove sensitive data page on Github which suggests changing the password - which I have done - but I would like to remove the history as well.

解决方案

Since you have already made 5 commits since the commit containing the clear text password, you best bet is to do a git rebase -i in interactive mode on your local branch. Find the SHA-1 of the commit where you added the clear text password, and type the following:

git rebase --interactive dba507c^

where dba507c are the first 7 characters of the SHA-1 for the bad commit.

Change this:

pick dba507c comment for commit containing clear text password

To this:

edit dba507c I have removed the clear text password

Make the change to the password file to remove the clear text, then commit your result like this:

git commit --all --amend --no-edit
git rebase --continue

Finish the rebase, then push your (correct) local branch to the remote via:

git push -f origin your_branch

You will need to force push your_branch because you have rewritten history (by modifying the password file). Now you have all your latest commits, but you have removed the clear text.

这篇关于如何正确删除推送到Git仓库的敏感数据？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！