How to Keep Secrets Safe on GitHub

Gerald: If you run an open source project, it's probably worth turning on or at least looking into the secret scanning that GitHub has if it's on GitHub. So there's this practice in security engineering, which I'm sure a lot of your listeners would have heard of, which is called threat modeling. And so I thought a good way to frame that would be like a time loop story where our protagonist is kind of running this service and every time through the time loop his service gets pwned and taken down via some kind of compromise of secrets. He wakes up and has to do it all again and try to secure things properly. That's the where we get started.