How can I remove a file from git using filter-branch making it so I cannot still git grep the contents?

I've been trying really开发者_运维百科 hard to remove a file with sensitive data from my git repository using this excellent page (among others): http://help.github.com/removing-sensitive-data/

the primary line being:

git filter-branch --index-filter 'git rm --cached \
    --ignore-unmatch FileWithSecrets.java' HEAD

However even when I follow the instructions including the pruning and garbage collection of objects the fact that I've rewritten the history does not seem to remove the file completely.

The point being I can still find the file's contents using git grep: git grep $(git rev-list --all)

....and it still shows up.

Am I missing something obvious or non-obvious? Why can I still "git grep" the contents?

I do see that the file is no longer in the changeset when I do a "git show" of the commit where it got added. But even so I can still grep it - like it's been removed from the branch history but is still floating out there?

Git is fun, cool and amazing but really can shake one's self confidence :)

thanks!! Brendan

---

I didn't try this, but since the last argument to git filter-branch is defined as [--] [<rev-list options>...] and you're getting the sensitive info from the revs in git rev-list --all, this should work:

git filter-branch --index-filter 'git rm --cached \
--ignore-unmatch FileWithSecrets.java' -- --all
                                       ^^^^^^^^