Good practice dictates a disconnect of sensitive information in the configuration.yaml that defines homes assistant, by design into a secret.yaml file that is excluded when synced to external version control systems (aka github). While in development it isn't always done that way and therefor a commit to github is put off. Well today all the api, username, and password data was moved to secret.yaml so a github merge can happen anytime. I think that repo is set to private, but I should really check...

yep. all good.

Nov 15 update: still not merged though. That shit must be taken seriously; Git is not a tool to trifled with.