TL;DR: My pre-commit-hooks [https://github.com/marick/pre-commit-hooks] repo might help you avoid checking in passwords or other secrets. Also: a suggestion that any secret string should contain NOCOMMIT. -------------------------------------------------------------------------------- I once committed AWS keys to a public Github repository. 24 hours later, ~USD2000 had been spent mining bitcoins.