by palerdot 3415 days ago
Just using a random commit name like 'minor bug fix', 'updated version' for these kinds of commits will save a lot of headaches like this.

One can do better by adding random lines/logs in a lot of files, sneakily removing the password from one of them, and then giving a random commit name.

But then it all boils down to your mindset at that particular moment when you are committing.

3 comments

> Just using a random commit name like 'minor bug fix', 'updated version' for these kinds of commits will save a lot of headaches like this.

Just change the leaked passwords, don't try to hide the commits.

Precisely, just change the password/key and don't do anything at all. People might think you are stupid or think you used random text, either way you are safe.
Security by obscurity is no security at all. Revoke the creds and then either just remove them or run BFG as a secondary measure.
Don't commit passwords. Put them in a config file and .gitignore it.

You could upload an example file... but please don't put real passwords in the example file.
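
The config-file, `.gitignore` and example-file advice above can be enforced with a pre-commit hook. This is an added example, not code posted by anyone in the thread; the file names `config.local.ini` and `config.example.ini` and the placeholder convention (empty, `CHANGEME`, or `<text>`) are assumptions.

```shell
#!/bin/sh
# Added example: save as .git/hooks/pre-commit and make it executable.
SECRET_FILE="config.local.ini"     # assumed name: real credentials, listed in .gitignore
EXAMPLE_FILE="config.example.ini"  # assumed name: committed template, placeholders only

# Succeeds if every key=value line in the template has an empty value,
# CHANGEME, or <angle-bracket text>. Comment lines (# or ;) are skipped.
example_is_clean() {
    bad=$(grep -E '^[[:space:]]*[^#;[:space:]][^=]*=' "$1" \
        | grep -Ev '^[^=]*=[[:space:]]*(CHANGEME|<[^>]*>)?[[:space:]]*$' || true)
    [ -z "$bad" ]
}

# Reads staged paths on stdin; succeeds if the secret file is not among them.
# An ignored file can still be staged with `git add -f`, so check explicitly.
secret_not_staged() {
    ! grep -Fxq "$SECRET_FILE"
}

run_hook() {
    git check-ignore -q "$SECRET_FILE" || {
        echo "pre-commit: $SECRET_FILE is not ignored (or is already tracked)" >&2
        return 1
    }
    git diff --cached --name-only | secret_not_staged || {
        echo "pre-commit: $SECRET_FILE is staged; unstage it and rotate the credential" >&2
        return 1
    }
    if [ -f "$EXAMPLE_FILE" ]; then
        example_is_clean "$EXAMPLE_FILE" || {
            echo "pre-commit: $EXAMPLE_FILE contains non-placeholder values" >&2
            return 1
        }
    fi
}

# Run the checks only when invoked by git as the pre-commit hook.
case "$0" in
    *pre-commit) run_hook ;;
esac
```

The hook only prevents new mistakes; a credential that has already been pushed still has to be revoked, as the replies above say.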