I am using BFG repo cleaner to remove secrets from my repository. But as the instructions say to force push my changes to main branch. I am unable to do so because my organisation repo has blocked force push to the repository.
Is there any way to merge my changes onto the main branch (force push blocked branch) ?
I had tried merging my changes from derived-branch to main but the problem here is only derived branch has its secrets removed not the main after merging.
derived-branch from main
java -jar bfg-1.14.0.jar --replace-text Passwords.txt this is the command that i use to replace the secrets.
What should i do if my main branch had blocked force push?
As already said in a comment, you have to force push otherwise commits with credentials won't be replaced and credentials will always be visible.
So policy preventing force push has to be disabled temporarily.
But as always when credentials are divulgated, you must assume that maybe they have been already discovered and you must revoked them (I.e. change password or regenerate the token).
And if you revoke them (remember, you must do it!), maybe you now don't care about rewriting history...
