Ask HN: How To Secure My Open Source Repo

6 points by Ryel ↗ HN
I'm getting ready to make public a few of my private repos. I have various things from scripts to libraries to routers and website clones.

I'm just wondering what security concerns I need to cover before making these repos public?

-I never directly enter my Amazon AWS credentials -I've removed Heroku credentials of all kinds -I've removed most of my site-specific syntax just in case.. -Removed database credentials

Any other "gotchas" that I should worry about?

Do you have any experiences with people doing malicious things to your open source projects?

6 comments

[ 4.0 ms ] story [ 27.9 ms ] thread
You removed heroku credentials, but, are they still in the git history?
The only Heroku information that I've ever put into repos is occasional plugin information. Nothing critical to security but definitely specific to the particular site. (potentially a security risk that I may not be aware of)

I will take care of it just in case, thanks!

I suggest that you copy the files (after they have been cleaned) over and create a fresh new and empty git repository, then publish that instead. Don't publish the original git repository that contains the history.