I've tried to remove all the API keys from this repo that I use.

But I accidentally included the history from a private upstream repo and there are some in the history.

I've rolled these keys already (Stripe, Giphy and Gsuite/GCP). And it's worth noting that both Stripe and GCP contacted me within minutes (using some sort of automatic monitoring magic) and told me of the credentials being in a public repo and advised on next steps. Pretty amazing stuff.