Git: remove sensitive data

Link: https://help.github.com/articles/remove-sensitive-data

1. show all files (current & historical)
   

   git log --all --pretty=format: --name-only | sort -u | uniq

2. completely remove file from git (including history)
   

   git filter-branch -f --index-filter 'git rm --cached --ignore-unmatch <filename>' --prune-empty --tag-name-filter cat -- --all

3. remove backups
   

   rm -rf .git/refs/original/

   maybe replaced by

   git for-each-ref --format="%(refname)" .git/refs/original/ | xargs -n 1 git update-ref -d

4. delete unreachable commits
   

   git reflog expire --expire=now --all

5. start garbage collection
   

   git gc --prune=now

   git gc --aggressive --prune=now

6. push changes
   

   git push origin master --force

<note>If this step fails, you've to set denyNonFastforwards = false.</note>