I have a local repository with multiple commits that contain sensitive database credentials and API keys that I don’t want exposed publicly. When I upload to GitHub, I need to exclude all the previous commit history and only push the current state of my code.
I’m wondering if there’s a clean way to accomplish this without losing my current work. I considered using a development branch for all my changes, then merging only the final version to the main branch before uploading.
I attempted to use interactive rebase to clean up the history:
git rebase -i HEAD~5
This command showed me the last 5 commits where I could remove unwanted ones. But I encountered merge conflicts during the cherry-pick process and it became complicated to resolve.
Is there a simpler approach to achieve this? I’m open to starting fresh if needed since preserving the local history isn’t critical.
Another option is git filter-branch to completely rewrite your history, but it’s overkill if you just want a clean slate. For your situation with sensitive credentials scattered everywhere, I’d go with the shallow clone trick instead. Just run git clone --depth 1 <your-repo-url> fresh-repo, then push that to your new GitHub repo. This grabs only your latest commit without any history baggage. I used this when I needed to extract a clean prototype that had months of experimental commits with hardcoded API keys. Shallow clone keeps your current commit message and author info while ditching everything else. Just update any absolute paths or references that might’ve changed, and definitely grep for any remaining secrets before pushing.
The orphan branch approach is perfect here. Run git checkout --orphan clean-branch, add your files, and commit. You’ll get a fresh start without messing with your repo structure. I had the same problem when open-sourcing a client project - credentials were everywhere in the history. The orphan branch saved me from reconfiguring all my remotes and settings. Just force push it to replace your main branch on GitHub afterward. One heads up though: double-check you’ve actually scrubbed the sensitive data from your current files, not just the git history. I screwed this up once and left database passwords in config files even after cleaning all the commits.
just start fresh with a new repo - it’s way easier. copy your files somewhere safe, delete the .git folder, and run git init again. way less hassle than fighting rebase conflicts, and you’ll get exactly what you want with no history.
This wipes all history and gives you one clean commit with your current code.
Personally, I automate this whole mess with Latenode. Built a workflow that scans my code for sensitive stuff, creates a clean copy without credentials, and pushes to GitHub automatically.
It strips out files with database credentials or API keys, swaps them for environment variables, then handles all the git work. No more manual git wrestling or accidentally leaking secrets.
I’ve done this for several projects where I needed to open source internal tools. Latenode handles the file processing, credential scanning, and git operations in one smooth flow.