On my first commit I sent a binary file that has no reason to stay. And I sent a configuration file with real passwords. I changed the password to a fake, I deleted the binary, but if I go back to an old commit the data is still there.
I did not want to erase the repository and start a new one by missing out on my history of months worked to hide this little slip. But I really need these 2 files to be unrecoverable.
You can use the filter-branch for this.
First, you need to track the commits that contain this file:
git filter-branch --force --index-filter \
'git rm --cached --ignore-unmatch CAMINHO-PARA-SEU-ARQUIVO-COM-SENHAS' \
--prune-empty --tag-name-filter cat -- --all
Add the file to .gitignore (if you want to keep this password file locally only):
echo "SEU-ARQUIVO-COM-SENHAS" >> .gitignore
git add .gitignore
git commit -m "Add SEU-ARQUIVO-COM-SENHAS to .gitignore"
If everything is right and your repository is available remotely (eg in Github), make a push to overwrite all changes in the repository:
git push origin --force --all
Do the same with the tags, if you used any tags in the time the password file was available:
git push origin --force --tags
I recommend to back up the repository before proceeding with the above tips.