

Ask HN: How To Secure My Open Source Repo - Ryel

I'm getting ready to make public a few of my private repos.  I have various things from scripts to libraries to routers and website clones.

I'm just wondering what security concerns I need to cover before making these repos public?

-I never directly enter my Amazon AWS credentials
-I've removed Heroku credentials of all kinds
-I've removed most of my site-specific syntax just in case..
-Removed database credentials

Any other "gotchas" that I should worry about?

Do you have any experiences with people doing malicious things to your open source projects?
======
abimaelmartell
You removed Heroku credentials, but are they still in the git history?

~~~
zachlatta
Definitely check this. You might find
[https://help.github.com/articles/remove-sensitive-data](https://help.github.com/articles/remove-sensitive-data)
helpful.

~~~
Ryel
Was just looking for this, thanks!

~~~
citruspi
Check for database credentials too - you said you removed them, but they're
probably still in the history.

------
borplk
I suggest that you copy the files (after they have been cleaned) over and
create a fresh new and empty git repository, then publish that instead. Don't
publish the original git repository that contains the history.
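
The point raised in the replies above, as an added example that is not part of the thread: a commit that deletes a credential leaves it recoverable from history, while a fresh repository built from the cleaned files does not carry it. The repository layout, the file name `config.env` and the key value are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: constructed repo, constructed key; not code from the thread.
DEMO_SECRET="constructed-demo-key-0000"   # placeholder, not a real credential

# Commit with a throwaway identity so the demo does not depend on global config.
demo_commit() {      # usage: demo_commit <repo> <message>
    git -C "$1" add -A
    git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgsign=false commit -q -m "$2"
}

# Build a repo that commits a secret and then "removes" it in a later commit.
make_demo_repo() {   # usage: make_demo_repo <dir>
    mkdir -p "$1" && git -C "$1" init -q
    printf 'HEROKU_API_KEY=%s\n' "$DEMO_SECRET" > "$1/config.env"
    demo_commit "$1" "Add config"
    printf 'HEROKU_API_KEY=\n' > "$1/config.env"
    demo_commit "$1" "Remove credentials"
}

# Print the hash of every commit, on any ref, whose diff adds or removes <string>.
history_hits() {     # usage: history_hits <repo> <string>
    git -C "$1" log --all --format=%h -S"$2"
}

# Export only the files tracked at HEAD (no .git, no untracked files) into a
# new directory and start a single-commit repository there.
fresh_copy() {       # usage: fresh_copy <src-repo> <dest-dir>
    mkdir -p "$2"
    git -C "$1" archive HEAD | tar -x -C "$2" -f -
    git -C "$2" init -q
    demo_commit "$2" "Initial public import"
}

work=$(mktemp -d)
make_demo_repo "$work/private"
echo "working tree matches: $(grep -c "$DEMO_SECRET" "$work/private/config.env")"
echo "history hits, original: $(history_hits "$work/private" "$DEMO_SECRET" | wc -l)"
fresh_copy "$work/private" "$work/public"
echo "history hits, fresh copy: $(history_hits "$work/public" "$DEMO_SECRET" | wc -l)"
rm -rf "$work"
```

Running `history_hits` against a real repository with a distinctive fragment of each credential that was ever committed shows which commits still contain it; any credential that turns up should also be rotated, since removing it from the published history does not revoke it.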

