Removing passwords / credentials from Git repo history

Git, git-filter-branch, passwords


Say you accidentally committed a password / credential or some random private data to a GitHub repo. The traditional way to remove it is to use git-filter-branch. An easier and faster alternative is to use BFG Repo-Cleaner.

The usage is very straightforward, but these are the additional steps I undertook to get it working on WSL2 / Ubuntu.

Firstly, you need to run these commands:

$ sudo apt update
$ sudo apt install openjdk-11-jdk

Check if it's installed:

$ java -version

This should show something like this:

openjdk version "24" 2025-03-18
OpenJDK Runtime Environment (build 24+36-snap)
OpenJDK 64-Bit Server VM (build 24+36-snap, mixed mode, sharing)

Find the path of your Java install.

$ which java

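Add this to your .zshrc or .bashrc file as an environment variable. JAVA_HOME should point to the JDK directory (the one that contains bin/java), not to the java binary itself:

export JAVA_HOME=/snap/openjdk/current/jdk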

Restart the current shell.

Check if the JAVA_HOME variable is set properly:

$ echo $JAVA_HOME

Download BFG Repo-Cleaner and extract the .jar file. Follow the steps to run it. In summary, you need to clone your repo and then create a passwords.txt containing the leaked password/credentials.

Run the command like this:

$ java -jar bfg.jar --replace-text passwords.txt your-repo-name-folder

This will clean your repo's history of all the listed passwords and replace them with ***REMOVED***.
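To confirm that the rewrite actually removed everything listed in passwords.txt, the following check searches every branch and tag for each entry. It is an added example, not part of the original post or of BFG; the script name `check-history.sh` and the function names are hypothetical, and it assumes each line of passwords.txt is a plain literal string.

```shell
#!/bin/sh
# Added example: verify that no string listed in passwords.txt is still
# present in the history of any branch or tag.
# Assumption: every line is a plain literal (no regex:/glob: prefixes).

# leaked_commits REPO SECRETS_FILE
# Prints "<short-commit> <line-number>" for every commit whose diff adds
# or removes a listed string. Secrets are reported by their line number
# in SECRETS_FILE so they are never echoed to the terminal or to logs.
leaked_commits() (
    repo=$1
    secrets=$2
    n=0
    cr=$(printf '\r')
    while IFS= read -r secret || [ -n "$secret" ]; do
        n=$((n + 1))
        # Files edited on the Windows side of WSL2 may end lines with CR.
        secret=${secret%"$cr"}
        [ -n "$secret" ] || continue
        # -S matches the literal string; --all walks every ref.
        git -C "$repo" log --all --format="%h $n" -S"$secret" </dev/null
    done < "$secrets"
)

# history_is_clean REPO SECRETS_FILE
# Exit status 0 only when no listed string is found in any ref's history.
history_is_clean() {
    [ -z "$(leaked_commits "$1" "$2")" ]
}

# Run as: sh check-history.sh your-repo-name-folder passwords.txt
if [ "$#" -eq 2 ]; then
    leaked_commits "$1" "$2"
fi
```

A hit on the newest commit is expected if the secret is still in the current files: BFG leaves the contents of the latest commit untouched by default, so remove the secret there and commit before running it.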