[ransom1538]

"If the secrecy of your code is the only thing stopping hackers from exploiting you"

I hate these types of arguments. Yeah no one said that ever.

Losing your code base is terrible. I view it as losing a journal. What your company tries, tests you run, funny comments, or funny mistakes. I mean they post it on the net, blackmail team members, imposter team members, forge for leaks, sell it, pushes to prod from compromised accounts, CI systems, -- seems bad to me. Sure don't have aws keys in there.

[diggan]

Glad to be talking with you too! :) I didn't mean to imply you said something you didn't, only that I would consider access keys to various services be of much more importance the code base itself. I read you comment as "Doesn't matter about the access keys, if they have your source code, you're screwed no matter what", which in that case would seem a bit strong.

Also "pushes to prod from compromised accounts, CI systems" seems more related to access keys and account security rather than the actual code base.

But hey, in the end I'm no security expert so what do I know.