Additional FAQ Ideas #13
Description
How to scrub repo of PII. Matt email [Oct 31, 2014]:
The process of scrubbing a repo's history of a file that shouldn't
have been pushed...
Read everything on this page:
https://help.github.com/articles/remove-sensitive-data
I went with BFG over git-filter-branch:
http://rtyley.github.io/bfg-repo-cleaner/. It was pretty easy, and I'd
recommend it. Though in some cases rebasing may be sufficient? A
couple of comments on BFG:
- Download the .jar file and run it through Java in the shell:
java -jar bfg.jar
This didn't work for me from the Git shell; I had to run cmd.exe. To
run the java command, you have to have the JRE installed (you probably
do already), and you need the shell to be able to find it. That last
part may require you to update your %PATH% environment variable or
specify the full filename of java.exe (rather than just "java").
- To see all the BFG options:
java -jar bfg.jar --help
- When you run BFG, specify the --private flag.
Last but not least, remember to think about cached views and pull
requests (see the first link above). For instance, even if your clean
history is pushed, old files may still be accessible if the user can
specify their SHA. You'll need to contact GitHub support to take down
cached views, etc.