I wanted to do source control on my website. There were a lot of files so I just went git add -a
Unfortunately, I accidentally committed and pushed a file called credentials.txt that had my ftp and db details. I've tried deleting the file, committing then pushing but it still shows the file when I browse my repo on github in the history.
Is there anyway to get rid of this?
Github has a nice guide on this exact topic. It explains how to get it out of the repository, as well as how to deal with the data that may already be in public hands.
You'll have to rewrite history using git filter-branch. Andy has posted a link to a guide on github for doing this.
Regardless of that, removing the file won't undo the damage - anyone who pulled your repo in the meantime has it, and at the very least it's in github's infrastructure. So, don't bother.
Instead of trying to hide what happened, do damage control and change your passwords. Don't try to contain a secret that's already out - to quote Benjamin Franklin, "the only way three people can keep a secret is if two of them are dead".
If it's on the Internet even for a moment, it's safe to assume it's been saved by a dozen or more people. If you don't work from that perspective it will probably come back to bite you.
