When migrating projects over to GitHub, I found there were still some passwords inside my SVN repositories. Obviously it's not good practice to store your passwords in a code repository - let alone at a remote location, so I wanted to replace all passwords. Not only in the current version, but in all commits that have been made over the past 3 years. Luckily with Git - you can.

Now, there is a guide to Remove sensitive data on GitHub; but that removes files completely.

I wanted to preserve the files and just replace the passwords in Git history.

So my plan was to:

Create GitHub accounts for every SVN comitter
Store the SVN<>GitHub account mapping in ~/.authors
Checkout SVN tree as a local Git repo (using git-svn)
Go over all the commits and replace all passwords with xXxXxXxXxXx
Go over all code in the HEAD - the current version of the project
1. find xXxXxXxXxXx
2. replace with App::config('Database.main.password')
3. Have App::config take the password from a config file that's outside the repository

Now that I have a working HEAD without real passwords or xXxXxXxXxXx, and a lot of previous versions with just xXxXxXxXxXx in them:

Send it to GitHub
Continue leading a happy life without worries.

Here are the commands I ended up using:

# Import from SVN
cd ${HOME}/workspace
git svn clone --authors-file=${HOME}/.authors svn://svn.example.com/projectX/trunk projectX
 
cd projectX
 
# Rewrite history
git filter-branch --tree-filter 'git ls-files -z "*.php" |xargs -0 perl -p -i -e "s#(PASSWORD1|PASSWORD2|PASSWORD3)#xXxXxXxXxXx#g"' -- --all
 
# Make workspace look like HEAD
git reset --hard
 
# Try to recompress and clean up, then check the new size
git gc --aggressive --prune
 
# To GitHub
git remote add origin git@github.com:kvz/projectX.git
git push origin master