So last night I did the cardinal sin: I committed my AWS access details to a public repo on Github.
Fortunately, Github picked it up within a few minutes, and I immediately logged in and deleted those keys in AWS.
Iâ€™ll fix the repo later.
Two lessons learned:
- Donâ€™t do it.
- As soon as you realise youâ€™re putting keys into an app, always, always, always put them into environment variables in the first instance. I normally do this, and just tried to â€œget this bloody thing workingâ€, then forgot about that bit, then committed the changes.
Oops. That was more public than I intended to be.