How do I edit past git commits to remove my password from the commit logs?

问题

My problem: cygwin git doesn't seem to correctly prompt for credentials when using https:// URLs, so I used username and password in the URL. Unfortunately when I did a "get pull" it auto-commited a message with the full URL including password. I didn't notice this until after I had pushed the changes.

How do I edit old commit messages to eradicate the password in the URL?

My shared git repo is on my own server. I can do surgery on the repo if necessary.

Instructions on how to change my configuration (i.e. don't use Cygwin, don't use https) are unnecessary -- I'm trying to deal with what is already done.

Yes, I can and will burn the password but I'd still like to fix it.

回答1:

To completely remove a file from a git repository and its history, use these commands.

# Check out the remote repo
git clone git://host/path/repo.git
cd repo

# Clobber the file in your checkout
git filter-branch --force --index-filter 'git rm --cached --ignore-unmatch file-to-purge.txt' --prune empty --tag-name-filter cat -- --all

# Make sure you don't accidentally commit the file again
echo file-to-purge.txt >> .gitignore
git add .gitignore
git commit -m "Prevent accidentally committing this again" .gitignore

# Push the edited repo. This will break other people's clones, if any.
git push origin master --force

For more information, remove sensitive data guide at GitHub will help you.

回答2:

The link to removing sensitive data on git-hub is useful. However, I found a tool that was very straight-foward to use: Eric Raymond reposurgeon.

This tool allowed me to easily import my repo, list the commits with the issue, edit them (I did so individually) and write out a git fast-import stream of my repo. I imported that stream into a new repo and rsync'd it into place.

The downside is that my old repo is completely dead -- I changed history. That would be true of using "git filter-branch" as well, according to the docs.

回答3:

If you can edit the server, you can reset branch head to the previous one (HEAD^).

• first of all, get the HEAD^ hash you want to "revert" to.
• go to (git bare repository's directory in server)/refs/heads, change to user git (or any the git serves), run "echo (hash) > (branch name)" to reset.

that's all. BTW, you cannot change the repo pulled before you did the above

来源：https://stackoverflow.com/questions/8394442/how-do-i-edit-past-git-commits-to-remove-my-password-from-the-commit-logs