Removing Sensitive Data from Git. "Fatal: Ambiguous Argument 'Rm'"

Removing sensitive data from Git. fatal: ambiguous argument 'rm'

It depends on the shell you are using.

On Windows, with msysgit for instance, see issue 477:

Single quotes do not have a special meaning with CMD. Do not expect that they work
the same as with a POSIX shell. Call filter-branch like this:

git filter-branch --commit-filter "GIT_COMMITTER_NAME=void GIT_AUTHOR_NAME=void GIT_COMMITTER_EMAIL=just.a.test@kernel.org GIT_AUTHOR_EMAIL=just.a.test@kernel.org; git commit-tree \"$@\"" HEAD

Multiple lines:

git filter-branch --commit-filter "GIT_COMMITTER_NAME=void \
                                   GIT_AUTHOR_NAME=void \
                                   GIT_COMMITTER_EMAIL=just.a.test@kernel.org \
                                   GIT_AUTHOR_EMAIL=just.a.test@kernel.org; \
                                   git commit-tree \"$@\"" HEAD

As mentioned in "How to pass a programmatically generated list of files to git filter-branch?"

Each argument to the various ...-filters needs to be a single string. That string is saved as a shell variable.

So make sure 'git rm --cached --ignore-unmatch filename.js' is considered a string in the shell you are in.

As Constantine Ketskalo points out in the comments:

Windows 10, PyCharm, GitPython, same command as in question.

Simply changed ' to " inside the string and it worked!

Git filter-branch to remove sensative data not working on windows

The purpose of the " around the argument after --index-filter is to have the whole string treated as a single argument. You're defeating that by escaping the first " (i.e. putting a \ right before the "), causing a confusing interpretation of the command line that leads to this error. Try again without the \

Removing files from github

First, here's the important bit: Consider your credentials compromised. Change them. No matter what you do at this point, they are no longer secure.

Now that yo've done that, you have a couple of options:

• If you really just want to start from scratch, overwrite what's there with new commits using git push --force. This is likely your easiest path forward.

  git init <new-directory>
  $EDITOR README.md
  git add README.md
  git commit
  git remote add origin https://github.com/user/repo.git
  git push --force origin master
  

• Alternatively, you can remove the credentials from the history with filter-branch, as outlined on the GitHub help page on removing sensitive data.

  Your ambiguous argument 'rm' error is likely to do with quoting the command properly. Make sure to quote it as it shows in the article.

fatal: ambiguous argument 'origin': unknown revision or path not in the working tree

The git diff command typically expects one or more commit hashes to generate your diff. You seem to be supplying the name of a remote.

If you had a branch named origin, the commit hash at tip of the branch would have been used if you supplied origin to the diff command, but currently (with no corresponding branch) the command will produce the error you're seeing. It may be the case that you were previously working with a branch named origin.

An alternative, if you're trying to view the difference between your local branch, and a branch on a remote would be something along the lines of:

git diff origin/<branchname>

git diff <branchname> origin/<branchname>

Or other documented variants.

Edit: Having read further, I realise I'm slightly wrong, git diff origin is shorthand for diffing against the head of the specified remote, so git diff origin = git diff origin/HEAD (compare local git branch with remote branch?, Why is "origin/HEAD" shown when running "git branch -r"?)

It sounds like your origin does not have a HEAD, in my case this is because my remote is a bare repository that has never had a HEAD set.

Running git branch -r will show you if origin/HEAD is set, and if so, which branch it points at (e.g. origin/HEAD -> origin/<branchname>).

Ambiguous argument due to whitespace in filename?

You need to put the filename into quotes "file name.zip", else the command will think that it is a new argument after the space.

Completely remove files from Git repo and remote on GitHub

This is what you're looking for: ignoring doesn't remove a file. I suggest you read that page, but here's the specific command to use:

git filter-branch --index-filter \
'git rm -r --cached --ignore-unmatch <file/dir>' HEAD

Also, to remove all the deleted files from caches git creates, use:

rm -rf .git/refs/original/ && \
git reflog expire --all && \
git gc --aggressive --prune

You can find more info about the last command, as well as a script that does everything you want in one single action, here: git: forever remove files or folders from history.

Another links with lots of explanation: Remove sensitive data.

[Edit] Also, see this StackOverflow question: Remove sensitive files and their commits from Git history.

(Commands copied from natacado's answer in the question linked above.) If you have already removed the files from the working copy, the following should work. Find out the hash for the commit that added the unwanted files. Then do:

git filter-branch --index-filter \
'git update-index --remove filename' <introduction-revision-sha1>..HEAD
git push --force --verbose --dry-run
git push --force

How to remove file from git commit

The problem is that you escaped the single quote to start the command, so that the --index-filter option received the single argument 'git. The >_ is the continuation prompt when you ended the line without closing the unescaped single quote that you intended as the closing quote. The error occurred due to the git misunderstanding the resulting sequence of arguments. The correct command is simply

git filter-branch --force --index-filter 'git rm --cached --ignore-unmatch .ntvs_analysis.dat' --prune-empty

(Removed the backslash prior to the first single quote and the --prune-empty option. I removed the --tag-filter entirely, since I wasn't sure how that was needed, although --tag-filter cat -- --all was almost certainly incorrect.)

Can't push to GitHub because of large file which I already deleted

You can use

git filter-branch --index-filter 'git rm -r --cached --ignore-unmatch <file/dir>' HEAD

This will delete everything in the history of that file. The problem is that the file is present in the history.

This command changes the hashes of your commits which can be a real problem, especially on shared repositories. It should not be performed without understanding the consequences.

Edit: The git project now recommends that users use git filter-repo instead of git filter-branch.

---

Using git filter-repo

WARNING: git-filter-branch has a glut of gotchas generating mangled history
         rewrites.  Hit Ctrl-C before proceeding to abort, then use an
         alternative filtering tool such as 'git filter-repo'
         (https://github.com/newren/git-filter-repo/) instead.  See the
         filter-branch manual page for more details; to squelch this warning,
         set FILTER_BRANCH_SQUELCH_WARNING=1.

Installation

[brew|pip3|...] install git-filter-repo

Usage

To remove any file with the path prefix example/path/to/something, you can run

git filter-repo --path example/path/to/something--invert-paths

To remove any file without the path prefix example/path/to/something, you can run

git filter-repo --path example/path/to/something

---

Related Topics