How to Remove Sensitive Data from Git History
Sensitive columns—emails, passwords, API keys—are in your Git history. You cannot let them stay. Teams often try git reset to roll back changes, but a simple reset will not fully clean sensitive data. Git keeps history, and a standard reset only changes the current branch pointer. The old commits, with all the sensitive columns, still exist in the repository object database.
To remove them, you must rewrite history. Tools like git filter-repo or BFG Repo-Cleaner allow you to target specific columns in files or entire files, and strip them from every commit they appear in. This process will rewrite commit hashes, and you will need to force-push to the remote. Every collaborator will have to re-clone or handle the rewritten history.
The steps:
- Install git filter-repo if it is not already available.
- Identify the files and patterns that contain sensitive columns.
- Run a filter to remove or replace the data across all commits:
  git filter-repo --path data.csv --replace-text replacements.txt
  (--replace-text applies the rules listed in replacements.txt to every blob in history. Note that --path on its own keeps only the listed paths in the rewritten history, so add --invert-paths if the goal is to drop data.csv entirely, or omit --path to rewrite the whole repository.)
- Verify the data is gone with git log -p and searches through git grep.
- Force-push to the remote:
  git push origin main --force
Never rely on git reset alone for sensitive data removal. It hides it from the tip of the branch but leaves it buried in history. The only real fix is to surgically purge the data and rewrite history.
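The reset problem and the verification step above, as an added example that is not part of the original article: a POSIX shell script that builds a scratch repository with a constructed placeholder key, shows that git reset leaves the blob in the object database, scans every object rather than only the branch tip, and writes the replacements.txt rule that --replace-text consumes. The function names and the purge helper (which only runs when git-filter-repo is installed) are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the article: throwaway repo with a constructed fake
# key; demonstrates that `git reset` hides the key from the tip but not from
# .git/objects, and scans every object (not only `git log -p`) for leftovers.
set -eu

SECRET='FAKE_KEY_0123456789abcdef'   # constructed placeholder, never a real credential

# Scratch repo: commit 1 is clean, commit 2 adds the secret to data.csv.
make_repo() {
  dir=$(mktemp -d)
  git -C "$dir" init -q
  git -C "$dir" config user.email dev@example.com
  git -C "$dir" config user.name dev
  printf 'id,email,api_key\n1,a@example.com,\n' > "$dir/data.csv"
  git -C "$dir" add data.csv && git -C "$dir" commit -qm 'add data'
  printf 'id,email,api_key\n1,a@example.com,%s\n' "$SECRET" > "$dir/data.csv"
  git -C "$dir" commit -qam 'leak key'
  echo "$dir"
}

# Number of blobs anywhere in the object database (reachable or not) that still
# contain the secret. `git log -p` walks only the current branch, so it would
# never show a commit that a reset moved out of the way.
secret_blob_count() {
  git -C "$1" cat-file --batch-all-objects --batch-check='%(objectname) %(objecttype)' |
    awk '$2 == "blob" { print $1 }' |
    while read -r oid; do
      if git -C "$1" cat-file -p "$oid" | grep -q "$SECRET"; then echo "$oid"; fi
    done | wc -l | tr -d ' '
}

# Rule file in the form `git filter-repo --replace-text` expects: one
# "<literal>==><replacement>" per line (a line without ==> becomes ***REMOVED***).
write_replacements() {
  printf '%s==>REDACTED\n' "$SECRET" > "$1"
}

# "Rolling back" with reset: the branch tip no longer carries the key, yet the
# blob is still on disk and the reflog still references the leaking commit.
reset_leaves_secret() {
  git -C "$1" reset -q --hard HEAD~1
  [ "$(secret_blob_count "$1")" = 1 ]
}

# Real purge, only when git-filter-repo is installed (returns 2 otherwise).
# --force is needed because the scratch repo is not a fresh clone.
purge_with_filter_repo() {
  rules=$(mktemp) && write_replacements "$rules"
  command -v git-filter-repo >/dev/null || return 2
  git -C "$1" filter-repo --force --replace-text "$rules" >/dev/null
  secret_blob_count "$1"
}
```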
If you need to detect and block sensitive columns in commits before they happen, or roll them back with precision, hoop.dev can run the guardrails for you automatically. See it live in minutes at hoop.dev.