[badthingfactory]

My largest concern is how frequently is my code sent to the cloud? Sometimes when building integrations, I hard code private keys just to get things working and then pull them out into config files that aren't checked into source control. Not knowing where that key might have gone would bother me.

[alexflint]

One of the big things we've worked on over the past few months is giving users fine grained control of which files are indexed by kite:

- Kite only indexes directories that you have explicitly enabled

- You can create a .kiteignore file (same semantics as .gitignore) to exclude specific files / patterns.

[semi-extrinsic]

Do you have a sanitizer that detects stuff that looks like crypto keys and censors it before upload? Offhand, sounds like it would be pretty easy to compute just using an appropriate entropy measure.

[askvictor]

It would probably make sense to default to using .gitignore if a .kiteignore hasn't been specified; likely the same things that you'd want hidden.

[badthingfactory]

That clarifies things. Thanks!

[autotune]

Why not set them as environment variables? Add a debug mode or whatever and then if set, pull from environment vars instead of config files. Not saying you should trust Kite to keep your code, but as a general practice might be a better idea.