by carterehsmith 3612 days ago
For sure.

If I remember correctly, maybe a year ago, GitHub actually went through public repos and emailed the people that had AKIAs in the repos. Apparently there were many of them.

Myself, upon reading about that, I went through our (non-public) repo and, sure enough, found like a dozen AKIAs with secret keys and all. Also found a random AKIA in some binary file, false alarm.

But then I was like... wait a second. How about .pem files? Yup, found several. .cer (some SSL certs), id_rsa? - yes to all.

That took a while to fix.
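
Added example, not part of the comment above: a small Python scanner for the items the commenter lists (AKIA access key IDs, .pem and .cer files, id_rsa), reporting hits inside binary files separately because those are often false alarms. The regex (AKIA followed by 16 uppercase letters or digits), the NUL-byte binary heuristic, the finding labels and every sample file are assumptions constructed for this example.

```python
import os
import re
import tempfile

# AWS long-term access key IDs: "AKIA" followed by 16 uppercase letters/digits.
AKIA_RE = re.compile(rb"(?<![A-Z0-9])AKIA[0-9A-Z]{16}(?![A-Z0-9])")
KEY_FILE_SUFFIXES = (".pem", ".cer")   # file types named in the comment
KEY_FILE_NAMES = {"id_rsa"}


def scan_tree(root):
    """Return sorted (relative_path, finding) pairs for a checked-out repo."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git internals
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name in KEY_FILE_NAMES or name.lower().endswith(KEY_FILE_SUFFIXES):
                findings.append((rel, "key-or-cert-file"))
            with open(path, "rb") as fh:
                data = fh.read()
            if AKIA_RE.search(data):
                # Heuristic: a NUL byte means binary data, so triage it separately.
                kind = "akia-in-binary" if b"\0" in data else "akia-in-text"
                findings.append((rel, kind))
    return sorted(findings)


def demo():
    """Scan a throwaway tree of constructed files (no real credentials)."""
    fake_id = b"AKIA" + b"EXAMPLEEXAMPLE00"   # constructed, not a real key
    files = {
        "deploy/settings.py": b"AWS_ACCESS_KEY_ID = '" + fake_id + b"'\n",
        "assets/logo.bin": b"\x00\x01" + fake_id + b"\x00\xff",
        "ops/server.pem": b"constructed placeholder\n",
        "ops/site.cer": b"constructed placeholder\n",
        "home/.ssh/id_rsa": b"constructed placeholder\n",
        "README.md": b"The prefix AKIA alone is not a key id.\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
        return scan_tree(root)


if __name__ == "__main__":
    for rel, kind in demo():
        print(f"{kind:18} {rel}")
```

This only looks at the working tree; a key deleted in a later commit is still present in the repository history and still needs rotating.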