| Table of Contents |
|---|
On GitHub, when you create a pull request (PR) from a branch, you are able to view commit history even if you close the PR and delete the branch. This means that if you have sensitive data on GitHub that should not be exposed, the data will still be shown there even if you make an extra commit to remove it.
What you need is not to make additional commits, but to modify the commits you made.
Solution 1 (easy): Remove commits and close the PR
keep the PR open and do not delete the branch
create a local back up branch in case you want to cherry-pick commits later on
switch to the branch of the PR that has the sensitive data
make a commit to delete the sensitive data if you have not
| Expand | ||
|---|---|---|
| ||
After force pushing your branch, GitHub shows you the difference between the last commit made to the branch before force-pushing the branch and the latest commit of the branch after force-pushing, and those two commits are accessible. This means that if the last commit made to the branch before force-pushing has sensitive data, the sensitive data will still be visible on GitHub. |
push the branch
find a previous commit of the commit that added the sensitive data and copy the commit hash
hard-reset
Code Block git reset --hard <commit-hash>
force push
Code Block git push -f
| Expand | ||
|---|---|---|
| ||
Situation: We have a PR that has two commits. The first commit has sensitive data. 
|
Solution 2 (advanced): Rewrite commits and keep the PR
create a local back up branch in case the branch is messed up
switch to the branch of the PR that has the sensitive data
make a commit to delete the sensitive data if you have not (this is for the sensitive data not to show on GitHub after force-pushing)
push the branch
rewrite commit history using
git rebase -i
(https://docs.github.com/en/get-started/using-git/using-git-rebase-on-the-command-line )force-push
| Expand | ||
|---|---|---|
| ||
Situation: We have a PR that has two commits. The first commit has sensitive data.
|