Removing a .env file from Git history

— 2 minute read

I'm sure this happens to everyone sometimes. You accidentally pushed a file with secrets or a password that shouldn't have gotten into the Git history.

In the following example, I "accidentally" pushed my .env file to Git simply because I forgot to add it to me .gitignore file.

Removing a secret file from Git history

Note: If you accidentally pushed secret keys to a repo, you should always revoke them and generate fresh keys!

Removing the file right away

The best thing to do now is to remove the file right away and add it to your .gitignore file.

In my case, I added the following to the .gitignore.

# Secret file
.env

Let's try and push that to see what happens.

Gitignore doesn't work on existing files

Yep, the .gitignore file doesn't untracked already committed changes. So how can we fix this now?

Removing a file from Git only

You can remove a file from Git by running the following command.

git rm -r --cached .env

If we then push this change, you will see that the file is gone in GitHub.

Removing a file from Git

However, this didn't completely solve our issue. If we look at our Git history, we can still find the file and expose the secrets!

Exposing secrets through Git history

Completely remove a file from Git history

To remove the file altogether, we can use the following command.

git filter-branch --index-filter "git rm -rf --cached --ignore-unmatch .env" HEAD

You will get some warnings about this messing up your history as this goes through your whole history and 100% removes its occurrence.

To push this, you have to run the following command.

git push --force

If we look at our history, we can still see the commits that include this .env file, but the content is empty.

Fully removed file in Git

Few, thanks for having our back Git!

You can find the repo it tried this in on GitHub.

Thank you for reading, and let's connect!

Thank you for reading my blog. Feel free to subscribe to my email newsletter and connect on Facebook or Twitter