I usually work on pet projects using git to keep track of changes but without thinking too much about exposing credentials or sensitive information, and once it is a good idea to publish it I clean it up.
The first thing I do is push my current version to a remote repository, because if I mess something up I can always revert my changes.
Download and install git-filter-repo.
This is the tool used to remove files/directories or sensitive information from the repository history.
These are the commands I usually use:
To remove a file or directory:
git-filter-repo --path "my-trash-0" --path "my-trash-1/abc" --invert-paths
--invert-pathsflag is really important, otherwise you will remove all files but the ones specified.
To check if some text is present anywhere in the history:
git rev-list --all | xargs git grep -i "text i'm looking for"
To replace/remove text:
git filter-repo --replace-text <(echo "SECRET==>notsosecret")
Then rinse and repeat until there is not anything unwanted.
Force push your changes.
As you've rewritten the repository history you will need to push your changes with the
--force flag and depending on the remote repository settings you may need to allow force pushes.
Before doing this, you may need to add your remote again, because I believe git-filter-repo removes it to prevent you from pushing your changes by mistake.
You can do this with the following command:
git remote add origin https://github.com/user/repo
Thanks for reading and I hope this can be useful to you.