.gitignore after commit
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
Adding a file to .gitignore does not make Git forget a file that is already tracked. Once a path has been committed, Git continues to track it until you explicitly remove it from the index, even if the ignore rules now match it.
What .gitignore Actually Does
.gitignore only affects untracked files. It tells Git which new paths it should ignore when checking the working tree for files to add.
That means this sequence does not solve the whole problem by itself:
If .env was already committed earlier, Git still tracks it. The ignore rule prevents future accidental git add operations on an untracked .env, but it does not retroactively untrack the file.
How to Stop Tracking an Already Committed File
To keep the file on disk but remove it from Git's index, use git rm --cached.
After that commit:
- the file remains in your working directory
- Git stops tracking it
- future changes to that file are ignored if
.gitignorematches it
For a whole directory:
This is the standard fix.
A Concrete Example
Suppose you accidentally committed logs/app.log and later decide logs should be ignored.
Add the rule:
Then remove the tracked file from the index:
Now Git will stop showing new log changes in git status, because the path is both untracked and ignored.
When Sensitive Data Was Already Committed
Ignoring a file after commit is not enough if the file contains secrets. .gitignore only affects future tracking; it does not remove the file from commit history.
If secrets were committed, the real response usually includes:
- rotating the exposed secret
- removing the file from the current index with
git rm --cached - optionally rewriting repository history if the leak must be removed from old commits
For history cleanup, modern Git recommends git filter-repo rather than older filter-branch workflows, but history rewriting needs coordination with everyone using the repository.
Global Ignore Versus Repository Ignore
Not every ignore rule belongs in the project. Personal editor files such as .DS_Store or local IDE settings often belong in a global ignore file instead.
Example:
Use the repository .gitignore for files the entire team should ignore. Use a global ignore file for machine-specific clutter.
Debugging Ignore Behavior
If Git does not seem to honor an ignore rule, ask Git which rule applies:
If nothing is printed, one of these is probably true:
- the file is still tracked
- the pattern does not match the path you think it matches
- the ignore rule is in the wrong file
You can also check whether Git still tracks the path:
If it appears in the output, it is tracked, and .gitignore alone will not change that.
Common Pitfalls
The biggest mistake is expecting .gitignore to untrack files automatically. It never has.
Another mistake is using git rm without --cached when you meant to keep the local file. Plain git rm deletes the file from disk as well as from the index.
Teams also add secret files to .gitignore and assume the incident is resolved, even though the secret remains in commit history. If credentials were exposed, rotate them first.
Finally, broad ignore patterns such as *.json or build* can hide files the project actually needs. Keep ignore rules specific enough to avoid collateral damage.
Summary
- '
.gitignoreonly affects untracked files, not files that are already committed.' - Use
git rm --cachedto stop tracking a file while keeping it on disk. - If a directory is already tracked, remove it from the index with
git rm -r --cached. - For secrets, ignoring the file is not enough; rotate credentials and consider history cleanup.
- Use
git check-ignore -vandgit ls-fileswhen ignore behavior seems inconsistent.
