Skip to content

re: The Unwritten Rules for Github by devdiscuss VIEW POST


Thank you for the great article! :)

I'm glad that you explicitly pointed out not posting secrets! One thing I'd like to add is never even commit private keys/API keys/certificates/secrets, even if it is in a random local branch. If that commit is ever pushed to the remote repository on GitHub (even if the secret was deleted in future commits) a site crawler could find it in your commit log and start utilizing it.

code of conduct - report abuse