Removing passwords from git repo without bfg


Is there any way to replace sensitive information (API keys etc) in a git repo without using BFG and without removing the file's history?

BFG depends on JRE and I really don't want to install it if there is another way.

GitHub help pages recommend using filter-branch but as this is the main route file of my app's API I want to preserve its changes.


Solution

  • First, if your changes are already pushed to the server, you must invalidate that sensitive information (by resetting passwords, expiring API tokens, etc). Someone else might have already cloned the repo and already have your information. Then rewriting history will not prevent that user from using the information.

    Then, if changes are not published you could rebase interactively from the previous commit to the one that introduced the password, and choose the edit action to amend that commit, removing the passwords. This is the proposed alternative to filter-branch in "Rewriting History" of the Git book.
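
The interactive-rebase procedure described in the answer, scripted end to end as an added example (not part of the original answer). The repository, file name, key value and commit messages are constructed for the demo, and `GIT_SEQUENCE_EDITOR` stands in for changing `pick` to `edit` by hand in the todo list.

```shell
#!/bin/sh
# Added example: file names, commit messages and the key are constructed.
scrub_demo() {
  secret='API_KEY=sk_constructed_12345'
  repo=$(mktemp -d) && cd "$repo" || return 1
  git init -q . && git config user.email demo@example.invalid \
    && git config user.name demo || return 1

  # Unpublished history: base file, the commit that leaks the key,
  # and a later change to the same file that must survive the rewrite.
  printf 'GET /health\nGET /login\nGET /logout\nGET /status\n' > routes.txt
  git add routes.txt && git commit -qm 'base routes'
  printf '%s\n' "$secret" >> routes.txt
  git commit -qam 'add payment route'
  { echo 'GET /users'; cat routes.txt; } > routes.new && mv routes.new routes.txt
  git commit -qam 'add users route'

  # Oldest commit that introduces the secret (pickaxe search).
  bad=$(git log --reverse --format=%H -S"$secret" | head -n 1)

  # Rebase from its parent. Turning the first "pick" into "edit" is what
  # you would type by hand in the todo list.
  GIT_SEQUENCE_EDITOR="sed -i.bak '1s/^pick/edit/'" \
    git rebase -q -i "$bad^" 2>/dev/null || return 1

  # The rebase is now stopped on the leaking commit: replace the value
  # with a placeholder, amend, then replay the later commits.
  sed -i.bak 's/^API_KEY=.*/API_KEY=${API_KEY}/' routes.txt && rm routes.txt.bak
  git commit -qa --amend --no-edit
  GIT_EDITOR=true git rebase --continue >/dev/null 2>&1 || return 1

  # The old commits stay in the reflog until it is expired; expire and prune.
  git reflog expire --expire=now --all && git gc -q --prune=now

  # Report: commits on any ref that still touch the secret, commit count,
  # and line count of the file after the rewrite.
  leaks=$(git log --all --format=%H -S"$secret" | wc -l | tr -d ' ')
  commits=$(git rev-list --count HEAD)
  echo "leaks=$leaks commits=$commits lines=$(wc -l < routes.txt | tr -d ' ')"
}
```

Every commit from the amended one onward gets a new hash, which is why this only fits history that has not been published.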