
Probably best not to upload your private key to Github!

https://github.com/hal9000xp/euclid/blob/master/core/server....



This is a throwaway key that's used for tests. But other people may miss it. So I've explicitly marked these files and config cmds as test files and cmds. Also, I put a warning msg in the log and in the README.

If you put a production cert & key in the config (see README), the warning disappears.

Thanks for the report!

P.S. See updated status of issue #2


It's more helpful to private message people these things, sometimes the author doesn't even know their project has been posted to HN.

Last week I wanted to comment about a bug on HN, then I realized it's more constructive to open up an issue on their Github repo.


I compared the author's Github username and the submitter's HN username and assumed that they were the same person. Though a private message is probably still a good idea.


Yeah, I'm working on this project alone. Feel free to ask me for features.


As far as I can tell, this is a throwaway key that's used for tests.


Likely it is just a throwaway.

If nothing else, this might remind those who see it that you can leak private keys / passwords if you put them in source control.

Chris Poole described having this exact problem, in his recent post about 4Chan being hacked - AWS keys in the commit history. (http://chrishateswriting.com/post/84931829578/when-a-bad-day...)



