Security Private keys

DO NOT store private keys or tokens in public code repositories. Because the repository is public, anyone can read this sensitive information and reuse it for purposes the owners did not intend.

What to do if sensitive information has been published

  1. Deactivate keys in AWS.
  2. Use git-obliterate or bfg to delete files in the repository that contain the information; or
  3. Delete the repository.
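
To find which files step 2 needs to delete, the working tree can be scanned for key material. The script below is an added example, not part of the original page; the function names and both patterns (AWS access key IDs as `AKIA`/`ASIA` plus 16 characters, and PEM `PRIVATE KEY` headers) are assumptions of this example.

```python
import os
import re
import sys

# Patterns are assumptions of this example, not taken from the page:
# AWS access key IDs are 20 characters starting with AKIA (long-term) or
# ASIA (temporary); PEM private keys start with a "BEGIN ... PRIVATE KEY" line.
PATTERNS = {
    "aws-access-key-id": re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])"),
    "pem-private-key": re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----"),
}

def scan_text(text):
    """Return (line_number, kind) pairs, in line order, for suspected secrets."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            if pattern.search(line):
                hits.append((lineno, kind))
    return hits

def scan_tree(root):
    """Walk a working tree (skipping .git) and map relative path -> hits."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

if __name__ == "__main__":
    # Usage: python scan_secrets.py [repo_dir]; exits 1 when anything is found,
    # so it can also gate a commit or CI job.
    found = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, hits in sorted(found.items()):
        for lineno, kind in hits:
            print(f"{path}:{lineno}: {kind}")
    sys.exit(1 if found else 0)
```

This checks only the files currently checked out; it does not look at earlier commits.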

Resources