Hey, maybe try running a GitGuardian [1] scan on all those repositories to look for hardcoded secrets. GitGuardian can also test in some cases if the secrets are valid or not, meaning you have to revoke and rotate them asap. I hope this helps.
Here's a checklist [1] (again, from gitguardian) of steps to follow before open-sourcing projects and [2] a guide on how to remediate hardcoded/exposed secrets.
Great idea, but hard to enforce. Just use a scanning CLI like TruffleHog, Gitleaks, or ggshield from GitGuardian to catch all sorts of hardcoded secrets.
The access model on platforms like GitHub is flawed, a single account can be used for both professional and personal projects/repositories, leading to “fat finger” errors like this one here...