Did I really just commit and push a file with a password in it?–Remove all traces of pushed Git commit

Lucas Jellema

Surely I would never be so stupid as to commit a file that contains sensitive information – say my Oracle Cloud account’s private key. And even if I did, I would not push that change to a public git repo on GitHub, would I?

It turns out that I did exactly that. Ooops. Big one.

I quite frantically looked for a way to undo that mistake – remove the push and undo the commit as if it never had happened.

It turned out not to be very hard – thanks to this thread on StackOveflow.

I first checked the git log to get the commit identifier for the commit I wanted to revert to. Note: this whole story takes place on branch oci-objectstorage-state.

git log


The identifier eb54584888c3901ac6944712bd9a685db4fa1f24 –from the one but last commit – is the correct one,.

Using git push –f origin <last correct commit id>:<branch> or:

git push -f origin eb54584888c3901ac6944712bd9a685db4fa1f24:oci-objectstorage-state

I got rid in the remote repository of the commit that took place

imageAt that point, the remote repo has lost the erroneous commit. The local repo still has it.

Using git reset <last correct commit id> I align the local situation.

Finally, using git status I find that the file that was committed and pushed is now once again marked as modified – and not staged. Better take out the sensitive stuff before staging, committing and pushing it again.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Next Post

Oracle Cloud Go SDK and Instance Principal based Authentication

In a recent article, I described the use of the OCI SDK for Go(Lang) – in my example to interact with the ObjectStorage service. In the article, I used authentication based on tenancy and user ocid, fingerprint and private key. However, when the Go application is running in an OCI […]
%d bloggers like this: