Easily remove secrets from git history

Josh Bentley
2 min read · Jun 23, 2021

Everyone makes mistakes, and learning how to deal with them when you do is one of life's greatest skills. Thankfully, a large proportion of the mistakes you make are easy to fix and no one really knows about them.
However, git is an outlier. With its meticulous record keeping, it can seem like mistakenly pushing a password or API key is the end of the world, but thanks to a tool called BFG, quickly and safely removing secrets from your git history is easy.


Steps:

  • Install BFG with brew: “brew install bfg”
  • Clone your git repo DB: “git clone --mirror [Repo URL]”
  • Create a file with the secrets you wish to remove from the repo, one per line: “echo "supersecretpassword" >> secrets.txt”
  • Run BFG to remove your secrets: “bfg --replace-text secrets.txt REPONAME.git”
  • Change directory into your repo and carry out the commands BFG prints to screen, normally something like: “git reflog expire --expire=now --all && git gc --prune=now --aggressive”
  • Push your changes: “git push”

You will likely need to disable admin branch protection and allow force pushes. Once the push has succeeded, you should be able to go back into your git history and check that the secrets are no longer showing; they will look something like this:

"variables": {
  "aws_access_key": "***REMOVED***",
  "aws_secret_key": "***REMOVED***"
},
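The same check can be scripted and run against the rewritten mirror before pushing. This is an added example, not part of the original post: the function name count_leaked_secrets is made up here, and it assumes every line of secrets.txt is a literal string, as in the steps above.

```shell
#!/bin/sh
# Added example (not from the original post). Counts how many lines of a
# secrets file still occur somewhere in a repository's history.
# count_leaked_secrets is a made-up name; lines are treated as literal strings.
count_leaked_secrets() {
    repo=$1
    secrets_file=$2
    # Refuse to report "clean" for a path that is not a repository at all.
    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 || {
        echo "not a git repository: $repo" >&2
        return 2
    }
    leaked=0
    lineno=0
    while IFS= read -r secret || [ -n "$secret" ]; do
        lineno=$((lineno + 1))
        [ -z "$secret" ] && continue
        # -S matches commits that add or remove the literal string,
        # --all walks every ref, -m also inspects merge commits.
        commits=$(git -C "$repo" log --all -m --format=%H -S"$secret" |
            sort -u | wc -l | tr -d ' ')
        if [ "$commits" -gt 0 ]; then
            leaked=$((leaked + 1))
            # Report the line number only, so the secret is not echoed into logs.
            echo "secrets file line $lineno: still in $commits commit(s)" >&2
        fi
    done < "$secrets_file"
    echo "$leaked"
}

# Example: run next to the mirror clone after the reflog/gc step, before pushing.
# [ "$(count_leaked_secrets REPONAME.git secrets.txt)" -eq 0 ] && echo "history is clean"
```

BFG leaves the contents of the latest commit untouched by default, so a secret that is still in the current files keeps showing up here until it is removed in a normal commit. A result of 0 covers this clone only; forks and other clones keep the old history, so the exposed credential still has to be revoked.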

Easy right?
