Part of what we do for clients is monitor GitHub public repositories looking for times when their code and secrets have leaked.
If we find any other secrets along the way, we feel it is in the best interest of the security of the internet overall to make the committer aware this has happened.
As you likely already know, once any hardcoded credentials are exposed in a public repository, it can take only a few minutes for bots to find and start trying to exploit them.
We strive to do better and would love your feedback if this was a false positive. Thanks for your help in improving our efforts to protect public GitHub users.
Git keeps every commit in the repository's history. This means just removing a secret in the next commit does not remove the credential from the repo.
We recommend treating every credential committed in public as a compromised credential and rotating it as soon as possible.
Read more about removing a commit from your git history.
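The point about history can be checked on a throwaway repository. The script below is an added example, not GitGuardian's code; the file name `config.ini` and the fake key are constructed for the demonstration, and it assumes the `git` CLI is installed.

```shell
#!/usr/bin/env bash
# Added example: constructed repo and constructed fake credential.
FAKE_SECRET='EXAMPLE_KEY_constructed_0123456789'   # not a real credential

# Build a throwaway repo: commit 1 adds the secret, commit 2 removes it.
make_demo_repo() {
  local repo
  repo=$(mktemp -d) || return 1
  git -C "$repo" init -q
  git -C "$repo" config user.email "demo@example.invalid"
  git -C "$repo" config user.name "demo"
  git -C "$repo" config commit.gpgsign false
  printf 'api_key = "%s"\n' "$FAKE_SECRET" > "$repo/config.ini"
  git -C "$repo" add config.ini
  git -C "$repo" commit -q -m "add config"
  printf 'api_key = ""\n' > "$repo/config.ini"
  git -C "$repo" commit -q -am "remove hardcoded key"
  printf '%s\n' "$repo"
}

# Succeeds if the secret is in the checked-out files (what a reader of HEAD sees).
secret_in_worktree() {
  grep -rqF --exclude-dir=.git -- "$2" "$1"
}

# Prints every commit, reachable from any ref, whose tree still holds the secret.
commits_with_secret() {
  local repo=$1 secret=$2 rev
  for rev in $(git -C "$repo" rev-list --all); do
    if git -C "$repo" grep -qF -e "$secret" "$rev" -- 2>/dev/null; then
      printf '%s\n' "$rev"
    fi
  done
}

# Stand-alone demo run.
demo_repo=$(make_demo_repo)
if secret_in_worktree "$demo_repo" "$FAKE_SECRET"; then
  echo "working tree: secret present"
else
  echo "working tree: clean"
fi
echo "commits still holding the secret:"
commits_with_secret "$demo_repo" "$FAKE_SECRET"
rm -rf "$demo_repo"
```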
"GitGuardian detects more than 16000 secrets hardcoded into GitHub commits daily" (imagine those w/o GitGuardian ;-)) have a good day
The @GitGuardian service is awesome. Just wanted to point that out! #livesaviour
@GitGuardian thnx for helping detect the leak of my AWS keys on Github saved me a lot of potential embarrassment in front of employers