Hacker News
by Nacraile 3951 days ago
FWIW, Amazon proactively scans GitHub for AWS key leaks, notifies the account holder, and flags the account (they will disable the account if they start seeing active abuse and can't get in touch with the actual owner to get keys rotated). So any keys you find are going to get invalidated in short order.

They're also pretty good about forgiving the charges for the fraudulent use.

> What is the best way to share things like API keys among a team of developers, anyway? I'm surprised this hasn't been solved already (perhaps it has and I just don't know about it). I know you can share passwords with tools like LastPass and 1Password, and I suppose you could use those for API keys as well?

Here, we have an IAM account for each dev. Permissions are basically read anything except a few sensitive things (billing, IAM), plus the write permissions we need as operators. We each have our own console login password, and keep our own access keys locally. It's pretty easy to add/remove accounts for new/departing devs, and the potential to individualize permissions is there.
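
Added example, not part of the comment above and not AWS's own scanner: a minimal local check for the kind of AWS key leak discussed in the thread, meant to run over your own files before they are pushed. The function names and sample file are constructed for illustration; the sample uses the placeholder credentials from AWS documentation.

```python
import re

# Long-term IAM user access key IDs start with "AKIA"; temporary STS ones with "ASIA".
KEY_ID_RE = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys are 40 characters from the base64 alphabet (heuristic:
# other 40-character tokens such as SHA-1 hex digests also match).
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")

def redact(value):
    """Show only enough of a match to locate it; never echo a full credential."""
    return value[:4] + "..." + value[-4:]

def scan_text(name, text, window=2):
    """Return one finding per access key ID, noting whether a secret-shaped
    string sits within `window` lines (a strong sign of a complete key pair)."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        for m in KEY_ID_RE.finditer(line):
            nearby = lines[max(0, i - window): i + window + 1]
            findings.append({
                "file": name,
                "line": i + 1,
                "key_id": redact(m.group(0)),
                "kind": "long-term" if m.group(1) == "AKIA" else "temporary",
                "secret_nearby": any(SECRET_RE.search(l) for l in nearby),
            })
    return findings

# Constructed sample file using the placeholder credentials from AWS documentation.
SAMPLE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# ticket id AKIA-1234 is not a key
region = us-east-1
"""

if __name__ == "__main__":
    for finding in scan_text("config.ini", SAMPLE):
        print(finding)
```

A finding with `secret_nearby` set means the key pair should be rotated, not just deleted from the file, since it may already be in the repository history.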