1. Rotate Your Credentials
2. Remove Historical References
2.A. Review Repo Access Permissions
4. Establish Your Workflow & Process
5. Preventing Credential Exposure Going Forward
Use a visual program like GitHub Desktop or gitk to commit changes.
Use Git commands in accordance with best practices.
Ignore files with sensitive information.
Store credentials safely.
Leverage safety controls provided by the third-party services issuing API keys.
Use temporary credentials with expiration dates if the service allows it.
Treat secrets equally. Protect dev/test secrets in addition to production secrets.
Avoid sharing credentials & secrets.
Scan GitHub repositories at different parts of the SDLC.