'How to completely remove a commit from gitlab?

I made a commit in my git repo and pushed it, but accidentally it contained some passwords for our production machines. So I deleted the commit:

git reset --hard HEAD~1
git push --force

That indeed removed the commit from the list of commits, but the url to the commit on gitlab still shows the source of the commit.

I'm not sure whether this is git which still saves the contents of the commit on the gitlab servers, or the gitlab databases which somehow store the contents of the commit, but I really need to completely remove that commit from the gitlab servers.

Does anybody know a way to completely remove a commit and it's contents from gitlab?

gitgitlabcommitgit-reset


Solution 1:[1]

You should probably start with looking at the web interface for your GitLab repository. If the branch is there, you can delete it by running 

git push <remote> :<branch>

This will replace <branch> with what's before the colon, i.e., nothing, at the specified remote. If you can't check if the branch is at the remote using the web interface, you should be able to get all the branches or at least list them using some git fetch like command, not sure how.

If the branch is not listed at the remote, you just have a local copy of what was at the remote, and you should be able to delete that copy with e.g,

git branch -D <remote>/<branch>

I can't speak for GitLab's internals, so I can't guarantee that the data will be destroyed if you do this, so you should replace all passwords as already suggested.

Solution 2:[2]

As you may have noticed, even if you rewrite your git history and force-push the change to the repository, the removed commits will still be present in several places in GitLab. You'll notice, for example, merge requests that reference deleted commits still show the content of references in the MR. GitLab holds onto refs and their content in several places that can't be directly pushed over (protected refs not advertised by the git server) including refs/merge-requests/*, refs/pipelines/*, refs/environments/* and refs/keep-around/*.

To remove such references, you need to follow the purge files from repository history procedure in order to completely remove the content of these references from GitLab. This process is intended for helping reduce repository size, but works for your use case as well.

As mentioned in the comments, the appropriate action to take when a secret is accidentally committed is to rotate the secret. Removing it from your history doesn't necessarily stop someone who already has the secret from using it.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 nixlarfs
Solution 2 sytech

Related Questions

Given long git commit how to safely get short commit

Given long git commit how to safely get short commit

Given long git commit how to safely get short commit

How can I 'git clone' from another machine?

VS Code / Bitbucket / SSH - Permission denied (publickey)

Differences between git pull origin master & git pull origin/master

git config: remote.<name>.fetch - is it possible to set up exceptions?

Git push hangs when pushing to Github?

How to clone git repository with specific revision/changeset?

Remove a file from the list that will be committed

Unable to create '/git/index.lock': File exists - but it doesn't

VSTS: How to get all linked work items since last successful release to production?

Versioning of debian packaging Information

How to generate ssh keys (for github)

How do I commit case-sensitive only filename changes in Git?