Making a Git project open source when you have secret keys
You could remove the secret keys from the repository using a hammer like git filter-branch
. There is a nice explanation on GitHub's help pages.
I used a new .gitignore which already excluded all the private stuff/secret keys and copied everything into a fresh repository. If I ever need access again to the old git history, I have left a copy of it.
Check out git-castle
(https://www.npmjs.com/package/git-castle)!
You can add contributors to your whitelist and allow them to use your keys.