LinuxCommandLibrary

git-obliterate

Permanently remove sensitive data from Git history

TLDR

Erase the existence of specific files

$ git obliterate [file_1 file_2 ...]
copy

Erase the existence of specific files between 2 commits
$ git obliterate [file_1 file_2 ...] -- [commit_hash_1]..[commit_hash_2]
copy

SYNOPSIS

git-obliterate [--dry-run] [--no-backup] [--verbose] [--purge] <pathspec> [<pathspec> ...]

PARAMETERS

--dry-run
    Simulate the operation without making changes; useful for testing.

--no-backup
    Skip creating refs/original backup refs (risky).

--verbose
    Enable detailed output during execution.

--purge
    Immediately delete backup refs after success (use with caution).

-h, --help
    Display help message and exit.

DESCRIPTION

git-obliterate is a powerful shell script utility designed to completely and permanently remove specified files or paths from the entire history of a Git repository. Unlike git rm, which only affects the working directory and staging area, git-obliterate rewrites every commit in the repository's history using git filter-branch --index-filter or similar mechanisms to excise the targeted paths. This makes it ideal for purging sensitive data like passwords, API keys, private files, or large binaries accidentally committed earlier.

The process creates a backup of the original refs under refs/original by default, allowing potential recovery if needed. It supports multiple pathspecs and operates recursively on directories. After obliteration, users must force-push changes to shared remotes, which can disrupt collaborators.

Performance scales with repository size; large histories may take hours. It's a local operation only—run it on clones before affecting remotes. Widely used for compliance and security cleanups, but demands caution due to its destructive nature.

CAVEATS

Destructive operation rewrites history—always test with --dry-run. Slow on large repos; incompatible with shallow clones. Force-push required afterward, breaking shared history. Not suitable for bare or remote repos directly.

INSTALLATION

Download git-obliterate script from GitHub, make executable (chmod +x), and add to PATH or $HOME/bin.

EXAMPLE USAGE

git-obliterate --dry-run secret.key
git-obliterate secret.key
git push origin --force --all

HISTORY

Developed by Stefan Walther in 2014 as an open-source GitHub project (https://github.com/stefanwalther/git-obliterate). Gained popularity as a simpler alternative to manual filter-branch usage for history rewriting. Still actively used despite newer tools like git-filter-repo.

SEE ALSO

git-filter-branch(1), git-filter-repo(1), git(1)

Copied to clipboard