Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub. A personal ...
Nothing broke, so I never looked.
Less hunting. More answers. Same homelab.