So you've pushed sensitive information to GitHub

Doesn't matter how you got here, what confluence of issues came together in a perfect storm that lead you to this page.

Damage control

Whatever information it was is now compromised. Update your passwords, rotate your keys, change your name and move to a different state.

Removing file from Git and all previous commits

Install git-filter-repo brew install git-filter-repo

Clone your repo into a new directory.

Run git-filter-repo on the newly cloned local repo git-filter-repo --invert-paths --path PATH_TO_FILE

Re-add remote origin git add remote origin REPO.git

Force push `git push --force --all

What did we learn?

The incident where this occurred, not all .env files are in the default .gitignore file.

# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/

Add a line for *.env for good measure