LinuxCommandLibrary

git-obliterate

Permanently remove sensitive data from Git history

TLDR

Erase the existence of specific files

$ git obliterate [file_1 file_2 ...]
copy

Erase the existence of specific files between 2 commits
$ git obliterate [file_1 file_2 ...] -- [commit_hash_1]..[commit_hash_2]
copy

SYNOPSIS

git obliterate [options] ...

PARAMETERS

--all
    Applies obliteration to all files matching the name, regardless of path. Use with extreme caution.

--config=
    Specifies the configuration file to use.

--force
    Forces the obliteration, bypassing some safety checks. Use with caution.

...
    One or more files to obliterate from the repository history.

DESCRIPTION

The `git-obliterate` command is a powerful, and potentially dangerous, tool for permanently removing sensitive or unwanted files from a Git repository's entire history. This includes all branches, tags, and commits. Unlike simply deleting the files from the current working directory and committing the change, `git-obliterate` rewrites the repository's history to effectively make it as though the files were never there in the first place.

Use with extreme caution! This command should only be employed when absolutely necessary, such as when accidentally committing sensitive data like passwords, API keys, or proprietary information. Rewriting history can cause significant problems for collaborators and any existing clones of the repository, as it requires them to rebase or completely re-clone the repository to incorporate the rewritten history. Before using, back up your repository.

CAVEATS

Rewriting history can create divergence between your local repository and remote repositories. All collaborators will need to rebase or re-clone their repositories to avoid conflicts and data loss. This process can be disruptive and time-consuming, especially for large repositories with many contributors. Always create a backup before using `git-obliterate`.

ALTERNATIVE APPROACHES

Before using `git-obliterate`, consider if less disruptive alternatives are sufficient. If the sensitive data is not critical and has not been widely distributed, removing it from future commits and adding the file to `.gitignore` may be enough. If the data leak is serious, contact security professionals for guidance.

SEE ALSO

git filter-branch(1), git rebase(1), git reset(1)

Copied to clipboard