The best answer I found is described by GitHub themselves: Removing sensitive data from a repository.

Greatly recommend using this, esp. if your remote is on GitHub. Just using the answers in this thread will require googling a lot more (which was my way), while the article contains everything from here and most of other advice you may need to (and sometimes must) follow - with every required comment and precaution. Very comprehensive and yet very easy to read.