If you want to remove a file permanently, you must wish to there are not change log left in Git history. Otherwise, others still could see the content in the Git repository.

There are two methods for this task:

git filter-branch

Suppose you want to remove ./config/passwd from Git:

$ git filter-branch --force --index-filter \
  'git rm --cached --ignore-unmatch ./config/password' \
  --prune-empty --tag-name-filter cat -- --all

Remember to add your sensitive file to .gitignore:

$ echo "./config/password" >> .gitignore
$ git add .gitignore
$ git commit -m "Add password to .gitignore"

Then you’d better push to remote:

$ git push --force --all
$ git push --force --tags

Tell your collaborators to rebase:

$ git rebase

BFG repo-cleaner

Use BFG Repo-Cleaner.

BFG provides a faster, simpler alternative to git filter-branch for removing sensitive data. It’s very quickly, usually 10 - 720x faster than git filter-branch.

Note: bfg will leave your latest commit untouched. It’s designed to protect you from making mistakes. You should explicitly delete the file, commit the deletion, then clean up the history to remove it.

Suppose you want to remove the file ./config/password:

$ brew install bfg ## install bfg

$ git rm config/password
$ git commit -am"remove password"

$ bfg --delete-files  password    ## remove from history

Then use git push to push to the remote repository.