You should upload all your project files to GitHub or Bitbucket.
Some secrets need to stay secret.
A good example is environment files, where we store our DB credentials and API keys.
You can use the gitignore file to disallow them from entering the cloud. But if you've accidentally shared them already, adding them on gitignore later won't help.
Your secret may be on all the branches and commits history. Your secrets are on the internet!
Here's how to remove them permanently and stay safe.