The logs told a different story. Names, emails, and phone numbers sat exposed in your repo history—PII you thought was forgotten.
Git reset alone will not save you. Deleting files and pushing again will not erase sensitive data from your past commits. Once PII is committed, it lives in history until you rewrite it. To remove it, you need to combine git reset, filter-branch, or git filter-repo with a deliberate purge of the offending objects.
Start by identifying where the data exists. Use git log -p with grep to search for strings that match common PII patterns. Confirm each match before rewriting history. Blind resets can cause data loss and break branch integrity.
When you find the commits, git filter-repo is the fastest, most reliable tool. Run it to surgically delete files or specific lines containing PII across all branches. After the cleanup, force push (git push --force) to update the remote. Remember that any clones still hold the old data. Coordinate with your team to run the same cleanup locally.
Avoid mixing reset operations with partial history edits. Git reset --hard works for discarding local changes, but it does not touch commit history. To truly remove PII, you must rewrite commits, rebase if necessary, and verify with a fresh clone before restoring normal workflow.
Once the purge is complete, lock down patterns that could introduce PII again. Add pre-commit hooks and CI rules to block sensitive strings. Prevention is cheaper than a forensic cleanup.
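The identification step and the pre-commit guard above, as an added example that is not part of the original post: it walks `git log -p` output, attributes every PII match on an added line to its commit and file so each hit can be confirmed before any rewrite, derives the git filter-repo invocation for the offending paths, and reuses the same scan as pre-commit hook logic. The sample log and the two regexes are constructed for the demo; `--path` and `--invert-paths` are existing git-filter-repo options, and nothing here runs them.

```python
import re
from collections import namedtuple

# Constructed `git log -p` output for the demo; not taken from any real repository.
SAMPLE_LOG = """\
commit 1111111111111111111111111111111111111111

    add customer export

diff --git a/export/customers.csv b/export/customers.csv
+++ b/export/customers.csv
@@ -0,0 +1,2 @@
+Jane Doe,jane.doe@example.org,+1 415-555-0137
+Acme Corp,billing@acme.example,+1 212-555-0199
commit 2222222222222222222222222222222222222222
diff --git a/README.md b/README.md
+++ b/README.md
-Welcom
+Welcome
"""

# Two of the "common PII patterns" the text refers to: e-mail addresses and phone numbers.
PII_PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "phone": re.compile(r"\+?\d[\d\s().-]{8,}\d"),
}
Finding = namedtuple("Finding", "commit path kind value")  # commit is "" for a staged diff

def find_pii(patch_text):
    """Report each PII match on an added ('+') line with the commit and file that introduced it.
    Works on `git log -p` output and on `git diff --cached` output (which has no commit header)."""
    findings, commit, path = [], "", None
    for line in patch_text.splitlines():
        if line.startswith("commit "):
            commit, path = line.split()[1], None
        elif line.startswith("+++ b/"):
            path = line[len("+++ b/"):]
        elif line.startswith("+") and not line.startswith("+++") and path:
            for kind, pattern in PII_PATTERNS.items():
                findings += [Finding(commit, path, kind, m.group()) for m in pattern.finditer(line[1:])]
    return findings

def filter_repo_command(findings):
    """Build the history rewrite that drops every confirmed offending path from all branches."""
    paths = sorted({f.path for f in findings})
    return "git filter-repo --invert-paths " + " ".join(f"--path {p}" for p in paths)

def precommit_allows(staged_diff):
    """Pre-commit hook logic: refuse the commit when any staged added line carries PII."""
    return not find_pii(staged_diff)
```

Review the returned findings by hand before running the generated command; a false positive on a legitimate file would delete it from every commit.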
If you need a fast, low-friction way to see how secure repos work without PII exposure, run it live on hoop.dev and watch it in action within minutes.