TL;DR: My pre-commit-hooks repo might help you avoid checking in passwords or other secrets. Also: a suggestion that any secret string should contain NOCOMMIT. I once committed AWS keys to a public Github repository. 24 hours later, ~USD2000 had been spent mining bitcoins.