Tags: git, version-control, git-filter-branch, bfg-repo-cleaner

Removing a commit which contains sensitive information from history


I recently noticed that I had accidentally committed a .env file which contained sensitive information. My best guess is that I accidentally clicked OK when Webstorm asked me if I wanted to add the file to git, because it was added to the .gitignore file immediately after creation. I did not notice that this file was being continually pushed to VCS for several weeks. I immediately ran git rm --cached .env and used BFG-Repo Cleaner to purge the file from my version history. The problem is that while BFG-Repo Cleaner did its job (albeit oddly, every commit is now duplicated), and the file no longer exists anywhere in my commit history, the commit where I actually removed the file shows exactly what was removed, i.e. the passwords and keys. Is this the usual result of running BFG-Repo Cleaner? If so, how can I remove that commit from the history without losing any commits that have been made since then? Most of the answers that I can find refer to using git reset --hard to revert to the commit before the one that I want to get rid of, but I don't wish to lose my work after that point.

I just find it odd that a tool that is designed for removing sensitive data from version history, would still show the diff of the commit where the sensitive data was removed.

I used BFG-Repo-Cleaner as it seemed like an easier alternative to git-filter-branch, but is there a use case for using git-filter-branch here now, not to remove a file, but to remove the commit which shows the contents of the file that I removed?


Solution

  • Option 1: If you committed your file as a separate commit.

    git rebase -i commit_hash of one less than needed and remove that commit.

    Let's say this is your commit history:

    commit 5347819473b66359e8324004470040bee0892447 (HEAD -> master)
    Author: XXXX
    Date:   Wed Dec 13 21:43:29 2017 +0530
    
        third commit
    
     blah2.h | 1 +
     1 file changed, 1 insertion(+)
    
    commit d88e9dc5aadfad5872a2cc8214ba5295e2668526
    Author: XXXX
    Date:   Wed Dec 13 21:42:56 2017 +0530
    
        second commit
    
     blah1.h | 1 +
     1 file changed, 1 insertion(+)
    
    commit 2419b28fee57a6923ce37e2e144c12d88fb75183
    Author: XXXX
    Date:   Wed Dec 13 21:42:33 2017 +0530
    
        first commit
    
     blah.h | 1 +
     1 file changed, 1 insertion(+)
    

    And you want to remove the second commit.

    git rebase -i 2419b28fee57a6923ce37e2e144c12d88fb75183 - commit hash of the first commit. Then interactively remove the line containing the second commit and save.

  • Option 2: If you committed your file together with other changes, then

    git reset commit_hash of one less than needed.

    Add that file to .gitignore and commit all the changes since then as a new commit. In this case you will lose the history of the project from the point where you committed that file up to now.
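Option 1 run end to end in a throwaway repository, as an added example that is not part of the answer above: it builds three commits shaped like the log shown, drops the one that added a constructed `.env` without opening an editor, and then checks both what the refs still show and what remains in the object store until the reflog is expired and unreachable objects are pruned. The path under `$TMPDIR`, the file contents and the secret value are all assumed or constructed.

```shell
#!/bin/sh
set -eu

g() { git -C "$REPO" "$@"; }   # every git call below targets $REPO

# Three commits shaped like the answer's log; the second adds a constructed
# secret (sample value, not a real credential).
make_repo() {
  REPO="$1"; SECRET="API_KEY=CONSTRUCTED-SECRET-do-not-reuse"
  rm -rf "$REPO"; mkdir -p "$REPO"; g init -q
  g config user.name "example"; g config user.email "example@example.invalid"
  g config commit.gpgsign false
  echo "int a;" > "$REPO/blah.h";  g add blah.h;  g commit -q -m "first commit"
  echo "$SECRET" > "$REPO/.env";   g add -f .env; g commit -q -m "second commit"
  echo "int b;" > "$REPO/blah1.h"; g add blah1.h; g commit -q -m "third commit"
}

# Option 1 without an editor: rebase onto the parent of the commit whose subject
# is $1 ("one less than needed") and let GIT_SEQUENCE_EDITOR delete its "pick"
# line from the todo list, which is what the answer does by hand. Prints the
# hash of the dropped commit.
drop_commit() {
  bad=$(g log --format=%H --grep="^$1\$" -n 1)
  ( export GIT_SEQUENCE_EDITOR="sed -i.bak -e '/^pick $(printf %.7s "$bad")/d'"
    g rebase -q -i "$bad^" >&2 )
  echo "$bad"
}

# 0 if $1 appears in any diff reachable from a ref, i.e. what anyone reading the
# pushed history (or a secret scanner) would still find.
secret_in_refs() { g log --all -p | grep -q "$1"; }

# The dropped commit survives in the object store (reflog and ORIG_HEAD still
# point at it) until those are cleared and unreachable objects are pruned.
commit_object_exists() { g cat-file -e "$1^{commit}" 2>/dev/null; }
purge_unreachable() {
  g update-ref -d ORIG_HEAD 2>/dev/null || true
  g reflog expire --expire=now --all; g gc -q --prune=now
}

# Rewriting history does not un-leak a value that was already pushed: the
# credential itself still has to be rotated.
demo() {
  make_repo "${TMPDIR:-/tmp}/rebase-drop-demo"
  bad=$(drop_commit "second commit")
  secret_in_refs "$SECRET" && echo "still in refs" || echo "gone from refs"
  commit_object_exists "$bad" && echo "dropped commit still in object store"
  purge_unreachable
  commit_object_exists "$bad" || echo "dropped commit pruned"
  g log --oneline
}
```

Call `demo` to run it; the same sequence of checks is what to run against a real repository before force-pushing, since a clean `git log -p` on its own does not mean the objects are gone.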