I started by removing the .env files from my repository and adding them to my .gitignore so they would not be tracked in the future. After committing and pushing these changes, I still needed to remove the .env files and their contents from every past commit. To do this, I created a fresh bare clone of my repository, used git filter-repo to rewrite the commit history without the .env file, and then force-pushed the updated history back to the remote repository.

By taking these steps, I hopefully eliminated all traces of sensitive data from my repository’s history. Now, with the .env files completely gone, I can safely make my repository public withoutworrying about exposing API credentials.