by thebigshane 2232 days ago
Isn't this a problem? https://github.com/baicunko/scanyourpdf/blob/master/convertp...

I manually modified the private key on the server before publishing here. Still learning on ENV VARIABLES and I couldn't make them work!
You might want to just switch to a dotenv library. Quick Google for Django yielded https://github.com/jpadilla/django-dotenv
Dotenv libraries are just for dev and other similar environments. In production you should still use normal environment variables (or whatever system you use to load your configuration), as dotenv files stay on the filesystem and are sometimes even committed to your SCM.
Haha, this is like those domain name search websites that just automatically register the good-sounding domain names for themselves once the user types them in.

do you OP! I think it still provides a service, enjoy all the secrets

If you upload secrets to public sites you're in trouble regardless of whether they claim "secure" hosting or not...

And what makes you think the operator has nefarious intent?

I thought GitHub had hooks for this kind of thing now? I remember it caught a private key I tried to push to a similar Django repo (not for a prod site or anything), and that was about 2 years ago.
I think this only works for secret keys that have a certain pattern like AWS keys.
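
The distinction raised in the last two comments, as an added example that is not part of the thread and is not GitHub's scanner: a rule keyed to a fixed token format flags an AWS-style key ID but not a free-form Django `SECRET_KEY`, while a name-plus-entropy heuristic catches the latter. The sample file, rule names and the 3.5-bit threshold are constructed assumptions.

```python
import math
import re

# Constructed sample: a settings.py-style file with two hardcoded secrets.
# The AWS value is the placeholder key ID used in AWS documentation.
SAMPLE = '''\
DEBUG = True
SECRET_KEY = "x9#kf2!qz7@wL0pRt5^vBn8&yGh3*eJm1(dCs6)uXa4"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
ALLOWED_HOSTS = ["example.com"]
'''

# Format rule: AWS access key IDs have a fixed prefix and length.
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Generic rule: a secret-sounding name assigned a quoted literal of 16+ chars.
ASSIGNMENT = re.compile(
    r"""\b(\w*(?:SECRET|PASSWORD|TOKEN)\w*)\s*=\s*["']([^"']{16,})["']""",
    re.IGNORECASE,
)


def shannon_entropy(value):
    """Bits per character; random keys score high, words and filler low."""
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def scan_patterns(text):
    """Findings from the fixed-format rule only, as (line number, rule)."""
    return [(i, "aws-access-key-id")
            for i, line in enumerate(text.splitlines(), 1)
            if AWS_KEY_ID.search(line)]


def scan_generic(text, min_entropy=3.5):
    """Findings from the name + entropy heuristic, as (line number, name)."""
    hits = []
    for i, line in enumerate(text.splitlines(), 1):
        m = ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(2)) >= min_entropy:
            hits.append((i, m.group(1)))
    return hits


if __name__ == "__main__":
    print("format rule:", scan_patterns(SAMPLE))
    print("name + entropy:", scan_generic(SAMPLE))
```

Run as a pre-commit check, the generic rule trades some false positives for coverage of secrets that have no recognisable prefix.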