The worst nightmare of a cloud user coming true.
But my keys are in the .ssh home folder, protected, why would you put them in configs? What kind of awful deployment tools requires that?
Also, the first thing I do (and AWS recommends) is to setup billing alerts, at least you know that something bad is going on.
also setup a Budget w/ 2fa
Seconding the advice to set up billing alerts, and I would make sure it goes to a variety of email addresses in case one of them is compromised.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.