> Maybe you should rethink your policy either way.
Do you have articles discussing the cons of AWS keys in private repos?
We deploy our systems on vanilla EC2 instances, which are configured by using a server orchestration system (Ansible). So for any env variables to get set, we'd have to put them in config scripts, which are currently checked into github.
To make it clear, we only check in our IAM keys that are AWS service specific, like SES.
In my circles, at least, it's standard practice to use environment variables.
But I would think clearly it'd be an option.