Sooooooo…. The other day I committed a change with this message:

“Committing the ultimate sin in committing secret keys again however this repo is and will always be private and my pis will be hidden on my network so it shouuuuuuld be fine... right...”

And then you made it public in DevRant

clever...

https://git-secret.io/

You're welcome.

@sariel Nice idea.

@queekusme How sinful depends on whether you then push it to untrusted remotes.

Before my work stuff moved on to GKE, we had an encrypted JSON file in the repo with the secrets. Thing is, the passphrase was in README.md.

Y'all really trying to get internet-famous on the next Github repos leak

@impermanentcode it’s not on GitHub

@sariel ooh, this is nice

@Hazarth the problem with your assumptions is that my network is public… my pis are airgapped at the moment and if I ever put them on the internet I’m refreshing the keys anyway…

I’m probably more security paranoid than I need to be but for the time being whilst I work on my ansible playbooks, I’m resetting my pis on a monthly basis…

my final outline is still months away as I still have stuff to add and even then stuff will always be subject to change…