Title basically
GitHub pushed API keys to GitHub themself once, so you’re not alone xD
Wasn’t this the reason they built the system to protect you from this by defining secrets not to be pushed?
Is this like when Facebook suggested you upload all your nudes so they can tell you if your sensitive photos are ever leaked.
Non prod creds, right? Right…
Narrator: It was the prod creds.
The worst case of this I heard was a crypto programmer that lost 300k$ of clients money when he accidentally pushed some crypto keys to GitHub public repository. Last I heard he was getting sued.
Reminds me of the time I forgot to lock the Ansible vault before pushing my new playbook to production. Thankfully my boss caught it and was able to scrub the commit, but I still got a very, very stern talking-to.
Ooof!
Image not visible, link missing when opening thread.
I know it’s not you, it’s me. But yeah. No idea what the image is, can’t copy paste from home thread.
Bart Simpson writing “I will not push APT keys to github” on the blackboard over and over
Thank you kind person. Funnily enough the image is now visible.
API*
Yep, edited my comment already it is midnight in my defense
But…It still says APT