How to remove credentials from GitHub?

2 min readFeb 8, 2021

What to do if you found out that you accidently pushed file that has credentials or keys to GitHub? Here you will find a great solution to fix that.

As .ginignore Documentation says .gitignore file serve to untrack files that Git should ignore. Files already tracked by Git are not affected. So adding file to .gitignore only ignores new added files (that are not part of the repository yet). If you add a file to .gitignore that was already tracked (git added) the file will still be tracked by Git.

In that case it is necessary to untrack file first git rm --cached <fileName> and then re-add the file git add . and commit your changes.

This will start ignoring file in GitHub but you still have this file in GitHub history commits. In that case the only one way (that I could find) is renew your repo:

  1. Create a temporary branch: git checkout --orphan temporary-branch
    It will be the root of a new history totally disconnected from all the other branches and commits.
  2. Add all the files: git add -A This command will add all modified and untracked files in the entire repository. git add .will only add modified and untracked files in the current directory. If you are at the root of the repo, they have the same effect. The difference is clear if you are one or more levels below the root.
  3. Commit the changes: git commit -am "initial commit"
  4. Delete the old branch: git branch -D main
  5. Rename the temporary branch to main: git branch -m main
  6. Push update to your repo: git push -f origin main

Thank you for reading! I hope this blog will be helpful for removing your credentials from GitHub.