How to permanently remove a commit with secret information from the gitlab repository.
If you've already submitted a commit to gitlab, you can't just delete it, even if you delete the branch, the commit will still exist in the project history.
If, for example, we accidentally captured sensitive information, we need to somehow delete that commit.
In this post, we'll look at how to remove a commit from GitLab permanently and completely.
1. First let's delete the blob:
According to the documentation https://docs.gitlab.com/ee/user/project/repository/reducing_the_repo_size_using_git.html#remove-blobs, we need to identify all the blob IDs in our project. To do this, we'll need the commit hash.
For example, let's say we have a commit that looks like this.
https://gitlab.com/yourname/some-project/-/commit/962f333701e51ff45742b0320a1acb9b86490b38Let's take this commit hash and enter it into the terminal.
git ls-tree 962f333701e51ff45742b0320a1acb9b86490b38
///output
100644 blob 6035e7de9da4cfdb13444e884b42657d6aa0a87f secret.txt <----- we need to delete this file
040000 tree d3eea836d693422f6adac622f105f4f4d7cc83ff routes
040000 tree 9e8839c5e59b663116731b80281e81163b0e6bac resources2. Than make the housekeeping
After we have blod id we need to delete it through gilab UI.
Let's move to Settings -> repository -> Repository maintenance -> Expand -> Remove Blobs
paste our blob id into the textarea (Blob IDs to remove) and click button remove blobs.
After that go to General -> Advanced -> Expand -> Run HouseKeeping and later Prune unreachable objects
To clean remote branches refs locally and re-fetch all refs run the command first in the list below.
git fetch --prune // re-fetch all remote branches
git branch -r // show only remote branches
Happy coding 🙂
Photo unsplash Jose Fontano
