
The problem here is that GitHub keeps the ref logs even for commits that no longer exist.

I don’t see how BFG helps here



It rewrites the history. Isn't that really enough? You can remove all the keys from the git history. And I agree, I forgot the point about rotating the key, which I always do first.


No it’s not enough. Read the article and it will explain why.

Also, if you’re going to rotate your secrets (which you absolutely should do regardless) then everything else is pointless because it’s now just an invalid credential.


It might remove it from your local repo, but not from GitHub, that's the point.



