BFG Repo Cleaner — Removing Secrets from History
The nuclear option for purging committed secrets from Git history, with step-by-step BFG usage and force push implications
You ran GitLeaks. It found an API key. Not in your current code — you already fixed that. But it's sitting in your Git history from three weeks ago, in a commit that's been pushed to GitHub and pulled by your entire team.
Deleting the file and making a new commit doesn't help. The old commit still contains the secret. Anyone who clones the repo or browses the history can find it. git log -p will show it clear as day.
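To check this on a repository of your own, the following shell sketch (an added example, not part of the original lesson) builds a throwaway repo, commits a key, "fixes" it in a second commit, and compares what the current checkout contains with what history contains. The key value, the config.env file name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: a "remove the secret" commit leaves the secret in history.
# FAKE_KEY is a constructed placeholder, not a real credential.
FAKE_KEY='EXAMPLE_API_KEY_0000000000000000'

# Build a throwaway repo: commit 1 adds the key, commit 2 removes it.
# Prints the repo path on stdout.
make_demo_repo() {
  repo=$(mktemp -d) || return 1
  git -C "$repo" init -q >/dev/null || return 1
  git -C "$repo" config user.email "demo@example.invalid"
  git -C "$repo" config user.name "Demo"
  git -C "$repo" config commit.gpgsign false
  printf 'api_key=%s\n' "$FAKE_KEY" > "$repo/config.env"
  git -C "$repo" add config.env
  git -C "$repo" commit -q -m "add config" || return 1
  # The "fix": replace the literal key with an environment reference.
  printf 'api_key=${API_KEY}\n' > "$repo/config.env"
  git -C "$repo" commit -q -am "read key from environment" || return 1
  printf '%s\n' "$repo"
}

# Number of files in the HEAD commit that contain the literal string.
count_in_head() {
  git -C "$1" grep -F -l -e "$2" HEAD -- | wc -l | tr -d ' '
}

# Number of commits reachable from any ref whose diff changes how many
# times the literal string occurs (i.e. commits that add or remove it).
count_in_history() {
  git -C "$1" log --all --format=%H -S"$2" | wc -l | tr -d ' '
}

# Run with --demo to print both counts for the throwaway repo.
if [ "${1:-}" = "--demo" ]; then
  r=$(make_demo_repo)
  echo "files in HEAD containing key:    $(count_in_head "$r" "$FAKE_KEY")"
  echo "commits in history touching key: $(count_in_history "$r" "$FAKE_KEY")"
  rm -rf "$r"
fi
```

The two counting functions take any repository path and literal string, so the same check can be rerun after a history rewrite to confirm the string is no longer reachable from any ref.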
You need to rewrite history. And for that, there's BFG Repo Cleaner — a faster, simpler alternative to git filter-branch that was designed specifically for this problem.
First things first: before you touch BFG, rotate the compromised credential immediately. Generate a new key and revoke the old one. History cleaning is about defense in depth, not a substit
