Don't Deploy Your API Keys to Public Github Repos

Horror stories abound describing problems people have when crawlers intercept their API keys enabling malicious use. Take extra steps to ensure you never push your keys and secrets for public viewing in github.
Even if you deleted your repo containing secrets - consider them exposed because github cashes everything. The only way out of the mess once you push your keys to github - is to change them rendering the old ones unusable.