My Python application has database keys/API keys in the source code. Something like:
db_key = XXXXXXXXXXXX
api_token = XXXXXXXXXXXX
...
I want to remove these keys automatically (not the entire file) before committing/pushing to git. Also, I want to remove them from my previous commits (already pushed to GitHub). Are there any solutions?
Storing credentials/sensitive information in source code is a bad practice. It could be avoided by storing them in an external location. Depending on requirements/security level, the external location could be:
Regarding the other part of your question – removing already pushed credentials. First, disable the leaked credentials (there are bots looking for them, both from GitHub and malicious users).
When the credentials are disabled, you need to rewrite history. This could be done with git rebase. Please be informed that rewriting public history is considered a bad practice and should be avoided. I would rather disable the credentials and add commits that add the modification described in the first part of the answer.
Doing the change automatically is possible using a pre-commit hook on your side, but that is not the best idea. After that change, git status will always show you that the workspace differs from the index.
Another option would be to use filters, but that sounds like overengineering to me. With this you'll fix the problem, but not the root cause (storing credentials in plain text in source code).
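An added example, not part of the question or the answer above: a pre-commit check that rejects the commit when a staged line assigns a string literal to a credential-like name, instead of rewriting the file, so the workspace and the index stay in sync. The names `db_key` and `api_token` come from the question; the other name fragments and the minimum literal length are assumptions of this heuristic.

```python
import re
import subprocess
import sys

# Credential-like variable names. db_key and api_token are from the question;
# the other fragments (secret, password, passwd) are assumptions for this example.
NAME = r"\w*(?:key|token|secret|password|passwd)\w*"
# Only quoted literals of 4+ characters count as hardcoded; lookups such as
# os.environ["API_TOKEN"] or calls to a secrets manager do not match.
ASSIGN = re.compile(rf"""^\s*({NAME})\s*=\s*["'][^"']{{4,}}["']\s*(?:#.*)?$""",
                    re.IGNORECASE)


def find_hardcoded(diff_text):
    """Return (file, line_no, name) for each added line that hardcodes a credential."""
    findings, path, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            # New-file header, e.g. "+++ b/app/settings.py"
            path = line[4:].removeprefix("b/")
        elif line.startswith("@@"):
            # Hunk header "@@ -a,b +c,d @@": c is the first line number in the new file.
            line_no = int(re.search(r"\+(\d+)", line).group(1))
        elif line.startswith("+"):
            match = ASSIGN.match(line[1:])
            if match:
                findings.append((path, line_no, match.group(1)))
            line_no += 1
        elif line.startswith(" "):
            line_no += 1  # unchanged context line also advances the new-file counter
    return findings


def main():
    # Inspect only what is staged for this commit.
    diff = subprocess.run(["git", "diff", "--cached", "--unified=0"],
                          capture_output=True, text=True, check=True).stdout
    findings = find_hardcoded(diff)
    for path, line_no, name in findings:
        # Report the location and name only; never echo the value itself.
        print(f"{path}:{line_no}: hardcoded value assigned to {name}", file=sys.stderr)
    return 1 if findings else 0  # non-zero exit makes git abort the commit


if __name__ == "__main__":
    sys.exit(main())
```

Saved as `.git/hooks/pre-commit` and made executable, the script runs before every commit in that clone. It only guards new commits; credentials already pushed still have to be disabled as the answer describes.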