Watch Out For Releasing Your Secrets On GitHub …

The great thing about the Cloud is that you can quickly automate your infrastructure using scripts. But the details of your account will often be stored within the code (typically as a header file). So if someone gets access to the code, they can determine your Cloud account, and could then compromise the infrastructure. For example, with Amazon we can create S3 data buckets, and then connect to them with a Python script:

from boto.s3.connection import S3Connection
conn = S3Connection('<aws access key>', '<aws secret key>')