Our teams production secrets/credentials are never exposed outside of their production runtime memory (that includes never being written down anywhere). We never commit unencrypted secrets (open source or not). And when encrypted we of course commit them to open source, since we need them that way to deploy to package managers (for instance).
I suggest updating the commandment ~_.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.