We recently found a bug where exporting your project to Github would also export the contents of the .env file. This bug has been fixed but we wanted to let you know so that you could ensure the safety of your keys.
If you did a Github export after Jan 4, 2017, please check your repos and make sure that that the .env file is not publicly exposed.
If it has been, you can delete the repo and export again to a fresh one. To be on the safe side, you should also make sure to change any tokens that were exposed even if they haven’t been compromised.
The bug was introduced during a recent architecture rewrite to improve import/export performance and lay the groundwork for Gomix revision history features.
We’re really sorry this happened. If you have any related issues, or need any help with this, please either let us know below or contact us privately at email@example.com.