Secrets in the code
Programming often involves keeping a bunch of secrets around. You’ve got account passwords, OAuth tokens, SSL and SSH private keys. The best way to keep a secret is, well, to…
Programming often involves keeping a bunch of secrets around. You’ve got account passwords,
OAuth tokens, SSL and SSH private keys. The best way to keep a secret is, well, to keep it secret.
Sometimes in a forgetful moment, however, those secrets get shared with the whole world.
Once a secret is out, it’s out. There are no partially compromised secrets. If you’ve pushed
sensitive information to a public repository, there’s a good chance that it’s been indexed by
Google and can be searched. And with GitHub’s new Search feature, it’s now more easily searchable
on our site.
Our help page on removing sensitive data
reminds us that once the commit has been pushed to a public repository, you should consider the
data to be compromised. If you think you may have accidentally shared private information in a repository,
we urge you to change that information (password, API key, SSH key, etc.) immediately and
purge that secret data from your repositories.
I also want to clarify that our code search results being unavailable is unrelated to this issue. Our operations team has been working on repairing and tuning the code search cluster.
We will continue to update our status site with updates on our progress. We will also be publishing a detailed post-mortem on the code search availability issues next week.
Written by
Related posts

GitHub Availability Report: May 2025
In May, we experienced three incidents that resulted in degraded performance across GitHub services.

GitHub Universe 2025: Here’s what’s in store at this year’s developer wonderland
Sharpen your skills, test out new tools, and connect with people who build like you.

GitHub Copilot: Meet the new coding agent
Implementing features has never been easier: Just assign a task or issue to Copilot. It runs in the background with GitHub Actions and submits its work as a pull request.