Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Does github bot send you email to warn API keys? They need have this feature long times ago!
@LicensedCrime I prefer dotenv or private repo, but it's good to have a bot!
@LicensedCrime But I'm a JS developer. If I dont setup Node server, I cant even access fs 😅
Don't worry. Companies like DJI made the same mistake and it went unnoticed for a long time.
@LicensedCrime I'm quite certain there are people run bots scraping github for private keys.
This is definitely a good project if use it for good.
I think I will take it!
Thanks a lot!
Golank4615yDid this yesterday with flumBot's key :/
52cal5115y@sunfishcc GitHub has this feature, I accidentally uploaded API keys by mistake once and got an email right away.
If you want to know specifically, j had an email from sendgrid about 15 hours after the commit saying my account was suspended until I reset the key pair
Awlex183505yhttps://rtyley.github.io/bfg-repo-c... there yo go
@Awlex The font on that page is insame
Awlex183505y@sunfishcc Insame, that perfecly describes it🤣🤣🤣
V-ed795yAre you me?
I did literally that for a discord bot I'm making.
Every server which the bot was connected to got around 600 pictures (in each text channel!) of "cat grill"s, no nudity tho
You learn from your mistakes ¯\_(ツ)_/¯
fives10725ySurprised people don't automatically use bitbucket for free private repositories. No fuck you if you forget your gitignore
japzio77445ynot an programmer but tried using AWS SDKs, at least for java, the DefaultCredentialsProviderChain , in which hardcoding keys is discouraged but usable, and got other options to avoid it.
rookie175yI wonder if I've done that, but as long as I haven't uploaded the file where the API are stored , aren't I safe ?? or any quick way to check ??
Deniii1735yMaybe the following can be made to run before Each Git Push?
We have noticed you uploaded files to a public github with your API keys in plaintext.
Please proceed to bang head against desk until you have learned your lesson.