I have uploaded my project on GitHub public repo. But one of the files contains my password information. And there are several commits I have made already. How can I hide my password right from the initial commit?

There is no separate file for a password. So I can't use .gitignore in this case. A password is hardcoded in the app.py file which handles the main logic of the application. So, I can't use BFG Repo-Cleaner. Is it possible to delete the file and add a new one by overwriting the previous commit?

I have made the changes in the file and pushed in a repo. But still, previous commits shows my password information. Also, I am not interested in creating a new repo and deleting the old one(unless I have no other choice).

I would be glad if I get some help.

Thanks in advance.

GitHub has an article for exactly this. Check it out here. To sum up the article: you can use either the git filter-branch command or the BFG Repo-Cleaner. BFG Repo-Cleaner is easier and faster to use, so I use that. To use BFG Repo-Cleaner follow these steps:

1. Download the jar file at the project repo or with macos use brew install bfg
2. Clone a fresh copy of your repo, using the --mirror flag:

git clone --mirror git://example.com/some-big-repo.git

if using SSH or

git clone --mirror https://example.com/some-big-repo.git

if using HTTPS.

This is a bare repository so you won't be able to see your files but it will be a full copy of your repository with all commits.

3. You can then use the following command to delete specific files from previous commits:

java -jar bfg.jar --delete-files [FILE NAME] --no-blob-protection my-repo.git

or if installed to the PATH

bfg --delete-files [FILE NAME] --no-blob-protection my-repo.git

or to delete a password from an old commit

bfg --replace-text passwords.txt

4. Before pushing back up to your repo, check that the repo history has changed by going into your git repo folder and running the following command:

git reflog expire --expire=now --all && git gc --prune=now --aggressive

and then

git gc

to strip out unwanted data that you don't want to push back up to your repo.

5. Once your happy, push back up to your remote repo by running git push - note that, because you used the --mirror flag when cloning your repo, when you push back to your repo, you will also push back reference changes.

To read up more about BFG Repo-Cleaner, visit this link.

first take a copy of the file(ie app.py)

remove the file(replace PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA with path/to/app.py) from git history(you also need to push the repo if you cloned from a remote repository):

git filter-branch --force --index-filter \
  "git rm --cached --ignore-unmatch PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA" \
  --prune-empty --tag-name-filter cat -- --all
git push --force --verbose --dry-run
git push --force

now remove the passwords from app.py file and move it to git repo, then add and commit

Here is an alternative and quick workaround to change sensible data without removing files.

# Sync with the remote master
git pull

# Force your clone to look like HEAD
git reset --hard

# AGAIN, A WARNING: This can really break stuff!

# Run your filter branch command, replacing all instances of "password" with "your_password"
# The example looks for Ruby files ("*.rb"), you can change this to match your needs
git filter-branch --tree-filter 'git ls-files -z "*.rb" |xargs -0 perl -p -i -e "s#(password)#your_password#g"' -- --all

# Overwrite your master with local changes
git push origin master --force

Source: https://palexander.posthaven.com/remove-a-password-from-gits-commit-history-wi