liftedpixel
commented
6 years ago In the future, I will leave the keys up longer. I actually had them up at first, then removed them. Before submitting, I should put them back online so pulling down the repo works right away. Since we're done reviewing it for now, I'm leaving the keys out, but added a notice to the readme about it.
It's definitely a good practice to keep your secret API keys out of your Github repos, but if the purpose of the repo is provide a working demo of your work then leaving out the keys defeats the purpose.
You should probably write a README that explains to a potential programmer wanting to use your code that they'll need to include a
.secretsfile (and where to include it) so that they're able to use your code. Always document the specific steps someone will need to follow to make full use of your repo.