It’s no secret that leaving credentials in source code is risky, especially when tools like GitHub make it easy to share code publicly with a single command. The major players have long had tooling to help prevent this like GitHub Secret Scanning, and GitHub also makes it possible (at least in theory) for third-party providers to join the program. Unfortunately, out of the countless platforms that use secrets for authentication, only 100 or so have partnered with GitHub’s program.
In Java, classes can be instantiated using the default constructor unless there is a non-default constructor defined. One feature that I’ve often missed in Go is the ability to have such control over struct instantiation. Any exported struct definition can be defined from any other package, and methods on that struct should be written to work with the struct zero values. For example, from my FlowCache project: