git Ignore a File that has Already been Committed and Pushed

Chris Achard
InstructorChris Achard
Share this video with your friends

Social Share Links

Send Tweet

We make a .env file and accidentally push it to github.

In order to remove the .env file, we first have to add it to our .gitignore file - but that's not enough, because the .env file will still be on the branch on github.

So we can remove all of our files from our git cache with:

git rm -r --cached .

and then add back all the files we want with:

git add -A

(that will exclude the .env file this time - because of the .gitignore file).

Then we can commit that change (which is effectively the same as removing the .env file), and push it, which will remove the .env file from the mater branch.

IMPORTANT! If you have secrets in a file that you remove in this way, you should still consider those secrets compromised, because anyone could have pulled them already - and they are also still in the git history.

Instructor: [0:00] Let's make a new environment file, so we're going to touch .env. Here's where we might keep some secrets. Let's go to .env and we're going to say my value = testing 123 and save that. Then we're going to add ENV to the staging area and we'll commit it as adding an ENV file and then we can push that.

[0:28] As soon as we do that, we go to GitHub and we realize that we did not want to push that ENV file. Here it is on our master branch. If anyone pulls this, they'll have the environment values that we have. Since these are meant to be local environment values, we don't want that.

[0:46] We quickly go back and we do a touch git ignore and then open git ignore and we'll add .env and save it. Now, if we do a git status, we have our git ignore here so git add, git ignore and then commit. Ignore the ENV file and push that and push that.

[1:15] If we go check GitHub now and refresh, our ENV is still there, even though we're now ignoring it because the ENV was pushed before the git ignore. How do we handle that? What we have to do is remove the ENV file from the cache first.

[1:31] We can do git rm -r --cached. What that will do is remove all of our changes and then we can add the files again. Now, if we do git status, then what we've effectively done is deleted our ENV file. We could have also git remove our ENV file.

[1:51] This is a way, if you have many, many files that you're trying to ignore at once, you can remove them all from the cache and then add back just the files you want and then do a status. If we do a commit and say remove.env from remote and then do a push, now if go check GitHub again, the .env file won't be there.

[2:15] That's very important that if that .env file had secrets, it's still going to be right here. In this commit here, we can see that we still have the .env file. Those secrets are still on GitHub. If you push secrets to GitHub, you should just consider them as compromised. This is how you can ignore a file that you have already pushed, even though if you look in the history, that file is still there.