It provides a faster, simpler alternative to git filter-branch for removing unwanted data.įor example, to remove your file with sensitive data and leave your latest commit untouched, run: $ bfg -delete-files YOUR-FILE-WITH-SENSITIVE-DATA The BFG Repo-Cleaner is a tool that's built and maintained by the open source community. You can purge a file from your repository's history using either the git filter-repo tool or the BFG Repo-Cleaner open source tool. Purging a file from your repository's history Consider these limitations in your decision to rewrite your repository's history. Removing the compromised data doesn't resolve its initial exposure, especially in existing clones or forks of your repository. If you committed a password, change it! If you committed a key, generate a new one. Warning: Once you have pushed a commit to GitHub, you should consider any sensitive data in the commit compromised. You cannot remove sensitive data from other users' clones or forks of your repository, but you can permanently remove cached views and references to the sensitive data in pull requests on GitHub by contacting GitHub Support. However, it's important to note that those commits may still be accessible in any clones or forks of your repository, directly via their SHA-1 hashes in cached views on GitHub, and through any pull requests that reference them. This article tells you how to make commits with sensitive data unreachable from any branches or tags in your GitHub repository.