Yeah too true.
Just FYI if anyone has hit this issue before: ‘Bfg repo cleaner’ can clean the repository of any traces of files, however if you’re working on a team project the key can spread like a virus as it will ‘infect’ branches stemmed off of master in the future (if this passed code review of course). I had to deal with a situation similar to this as someone had committed a global config file containing passwords which was only meant for development. Fun times. Of course the solution for deeming an API key pair useless is just to regenerate the key, however passwords are a different story if you don’t want a history of previous passwords being revealed.
We’re a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.