Make eden-gardens-os Private + GitHub Sensitive Data Sweep
Codified from Gmail draft 19dc10fe801e01f7 · Apr 24 2026
NOTE Apr 26 2026: Per feedback_privacy_guardrails.md, Sam already audited repo visibility. All 9 sensitive repos confirmed PRIVATE. 3 PUBLIC repos flagged for spot-check (hookstreetservices-site, abnbcalc, north-woodmere-lawn-coop). This doc is the original procedure for any future repo sweep.
Honest answer first
eden-gardens-os privacy flip = 30 seconds.
Full repo sweep for exposed secrets/PII = 30–45 min.
Do the 30-second fix TODAY. Schedule the sweep separately.
Part 1 — Flip eden-gardens-os private (30 sec)
- Go to: github.com/zee78900/eden-gardens-os/settings
- Scroll to "Danger Zone" at bottom
- "Change repository visibility" → Change to private
- Type repo name to confirm
- Done. Verify by opening incognito browser → repo URL → should 404
Part 2 — Full repo sweep (30–45 min)
- List all your repos: github.com/zee78900?tab=repositories
- For each PUBLIC repo, scan for:
  - API keys (OpenAI, Anthropic, Google, etc.) — search for sk-, api_key, AKIA
  - .env files (should never be committed)
  - Client names (Eli, Huvie, Steinhardt, Eden Gardens)
  - Financial data (account numbers, balances, SSN)
  - Personal addresses, phone numbers
  - CONTEXT.md / OBLIGATIONS.md style files
- Quick scan command per repo (run locally):
  ```bash
  git log --all -p | grep -iE "(api_key|secret|password|sk-[a-zA-Z0-9]|AKIA)"
  ```
- If anything found:
  - ROTATE the secret first (assume it's already scraped)
  - Then remove from history with BFG Repo-Cleaner:
    ```bash
    # BFG leaves the HEAD commit untouched by default: delete .env there in a normal commit first
    bfg --delete-files .env <repo>
    cd <repo> && git reflog expire --expire=now --all && git gc --prune=now --aggressive
    git push --force
    ```
- For client/financial data: just make repo private, don't bother scrubbing history
- Move to private (same flow as Part 1):
  - hookstreet-workspace — likely should be private
  - hookstreet-bos-sheets — definitely private (financial data)
  - Any repo with client names
- Set defaults going forward: github.com/settings/repositories → "Default repository visibility" → Private
- Add a global .gitignore template:
  ```bash
  touch ~/.gitignore_global
  ```
  Add: CONTEXT.md, OBLIGATIONS.md, *.env, credentials/, *.key, *.pem
  ```bash
  git config --global core.excludesfile ~/.gitignore_global
  ```
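The quick scan command in Part 2 prints matching lines but not which commit or file they came from, which is what decides what to rotate and what to hand to BFG. Added example (not part of the original procedure): a filter for the same git log --all -p stream that reports commit, file and hit type for added lines only, without echoing the matched text. The function names, the env-file check and the sample log are constructed for illustration.

```bash
# Reads `git log --all -p` output on stdin; prints commit<TAB>file<TAB>kind.
# The matched text is not printed, so secrets stay out of scrollback and logs.
scan_history() {
  awk '
    function report(kind,   key) {
      key = commit "\t" file "\t" kind
      if (!(key in seen)) { seen[key] = 1; print key }   # one line per commit/file/kind
    }
    /^commit [0-9a-f]+/ { commit = substr($2, 1, 12); next }
    /^--- /             { hdr = 1; next }                # first line of a file header
    hdr && /^\+\+\+ /   {                                # second line: the new path
      hdr = 0; file = substr($0, 5)
      sub(/^b\//, "", file); sub(/\t$/, "", file)
      if (file ~ /(^|\/)\.env$/) report("env-file")
      next
    }
    { hdr = 0 }
    /^\+/ && tolower(substr($0, 2)) ~ /api_key|secret|password|sk-[a-z0-9]|akia/ { report("secret-pattern") }
  '
}

# Constructed, trimmed `git log -p` output (fake hashes and fake key values)
sample_log() {
  cat <<'EOF'
commit 1111111111111111111111111111111111111111
diff --git a/.env b/.env
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+OPENAI_API_KEY=sk-CONSTRUCTED0000
commit 2222222222222222222222222222222222222222
diff --git a/.env b/.env
--- a/.env
+++ /dev/null
@@ -1 +0,0 @@
-OPENAI_API_KEY=sk-CONSTRUCTED0000
commit 3333333333333333333333333333333333333333
diff --git a/deploy.sh b/deploy.sh
--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1 @@
+export AWS_ID=AKIACONSTRUCTED00000
EOF
}

sample_log | scan_history   # in a real clone: git log --all -p | scan_history
```

The commit that deletes .env produces no hit, but the commit that added it still does: removing a file in a later commit does not remove it from history.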
Done state
- eden-gardens-os = private
- All client/financial repos = private
- No API keys in any commit history
- Global .gitignore prevents future leaks
- New repos default to private