TL;DR: My pre-commit-hooks [https://github.com/marick/pre-commit-hooks] repo
might help you avoid checking in passwords or other secrets. Also: a suggestion
that any secret string should contain NOCOMMIT.
--------------------------------------------------------------------------------
I once committed AWS keys to a public Github repository. 24 hours later,
~USD2000 had been spent mining bitcoins.