# 不小心把key推到github怎麼辦
> GitHub, key, API key, 敏感資料, git filter-repo, git filter-branch, 移除敏感資 料, 資訊安全, git repository, BFG, 敏感信息, GitHub 安全, git remote, git push force, 數據清理, git歷史重寫
我看最近搜尋到到的資料都是使用git filter-branch 去處理
可是官方網站上面就有這樣一則Warning 且推薦了其他方法
> WARNING
> git filter-branch has a plethora of pitfalls that can produce non-obvious manglings of the intended history rewrite (and can leave you with little time to investigate such problems since it has such abysmal performance). These safety and performance issues cannot be backward compatibly fixed and as such, its use is not recommended. Please use an alternative history filtering tool such as git filter-repo. If you still need to use git filter-branch, please carefully read SAFETY (and PERFORMANCE) to learn about the land mines of filter-branch, and then vigilantly avoid as many of the hazards listed there as reasonably possible.
* github官方教學
* [從git中移除敏感資料](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)
## 法一
[git-filter-repo](https://github.com/newren/git-filter-repo)
[manual](https://htmlpreview.github.io/?https://github.com/newren/git-filter-repo/blob/docs/html/git-filter-repo.html)
### Windows
#### 下載
[install.md](https://github.com/newren/git-filter-repo/blob/main/INSTALL.md#simple-installation)
> Simple Installation
> All you need to do is download one file: [the git-filter-repo script in this repository](https://github.com/newren/git-filter-repo/blob/main/git-filter-repo) , making sure to preserve its name (git-filter-repo, with no extension). That's it. You're done.
直接下載 [git-filter-repo](https://raw.githubusercontent.com/newren/git-filter-repo/main/git-filter-repo)
#### 使用
1. 把敏感資料apikey, password ...寫進txt檔案裏面,一行一個
* senstive.txt
```=
5cccfa46-92d5-4ebe-9905-470155c3d6a8
strongpassword
```
2. 在windows 上用python 在你的專案下面執行
`python git-filter-repo.py --replace-text senstive.txt`
3. 然後把 git remote 加回來
4. 把清理過的git推上去
`git push origin --force --all` (慎用)
## 法二
[BFG](https://rtyley.github.io/bfg-repo-cleaner/)
我沒用過
你可以去 [github doc](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)看
Sign in with Wallet
Connect another wallet