Dear me,

We have noticed you uploaded files to a public github with your API keys in plaintext.

Please proceed to bang head against desk until you have learned your lesson.

Sincerely me.

Does github bot send you email to warn API keys? They need have this feature long times ago!

@LicensedCrime I prefer dotenv or private repo, but it's good to have a bot!

@LicensedCrime But I'm a JS developer. If I dont setup Node server, I cant even access fs 😅

Don't worry. Companies like DJI made the same mistake and it went unnoticed for a long time.

@LicensedCrime I'm quite certain there are people run bots scraping github for private keys.

This is definitely a good project if use it for good.

I think I will take it!

Thanks a lot!

Did this yesterday with flumBot's key :/

@sunfishcc GitHub has this feature, I accidentally uploaded API keys by mistake once and got an email right away.

If you want to know specifically, j had an email from sendgrid about 15 hours after the commit saying my account was suspended until I reset the key pair

https://rtyley.github.io/bfg-repo-c... there yo go

@Awlex The font on that page is insame

@sunfishcc Insame, that perfecly describes it🤣🤣🤣

Are you me?

I did literally that for a discord bot I'm making.

Every server which the bot was connected to got around 600 pictures (in each text channel!) of "cat grill"s, no nudity tho

You learn from your mistakes ¯\_(ツ)_/¯

Surprised people don't automatically use bitbucket for free private repositories. No fuck you if you forget your gitignore

not an programmer but tried using AWS SDKs, at least for java, the DefaultCredentialsProviderChain , in which hardcoding keys is discouraged but usable, and got other options to avoid it.

I wonder if I've done that, but as long as I haven't uploaded the file where the API are stored , aren't I safe ?? or any quick way to check ??

Maybe the following can be made to run before Each Git Push?
https://github.com/kootenpv/...