Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community!

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

Development Tools

Securing Github's account

An article on ArsTechnica about exposing credentials/passwords that should never be made public. http://arstechnica.com/security/2013/01/psa-dont-upload-your-important-passwords-to-github/

I don't quite understand when they said dont upload your ssh keys,passwords etc. I'm a little concerned that I might commit a stupid mistake and compromise sensitive info. (sorry if im really being paranoid. better safe than sorry)

2 Answers

Hi Metzu- I think the article was just reminding folks that Github is a public repository, and sometimes users will inadvertently post sensitive information without realizing that anyone can access that information. I'd only worry about it is you are using authentication in your code (i.e API keys, passwords, etc.). Does that answer your question?

Best, Greg

Ken Alger
Ken Alger
Treehouse Teacher


Yes, that is something about which to be concerned for sure. I typically move all of my sensitive information out into another file, add that file to .gitignore and then in the project README.md file make a note to folks about the necessity for them to get their own API keys from somesite.com for the project to work and the file name and location that your project will be looking to find those API keys.

Happy coding,