Attackers scan the public web like a directory to find your infrastructure....

https://www.nav-bookmarks.win/most-linux-admins-treat-ssh-keys-and-public-code-as-routine-but-attackers-view

Attackers scan the public web like a directory to find your infrastructure. When your SSH configurations or private repository keys leak into search indices or GitHub, you hand hackers a roadmap for credential stuffing attacks