
My AWS key pair is on GitHub after several commits


I have sensitive key information probably on several branches in multiple commits. I am stupid. When I was first learning about AWS and setting it up with fog and carrierwave it hadn't even occurred to me that my secret keys were being published to GitHub every commit. Even after I tried to add the files to the gitignore. The problem is, how do I undo many many commits that publish this information and implement a gem like figaro to keep that info secret from GitHub? I almost have to delete my repo...


Solution

  • Don't touch your GitHub repo. Simply connect to AWS, go to IAM->Users and find the username. Now, go to the 'Security Credentials' tab, and scroll down to 'Access Keys'. Click 'Create Access Key' button. Make a note of the new access key (but not on GitHub!) and replace the compromised keys with the new keys.

    Once you're done, click 'Make Inactive' under 'Status' for the old keys. Once you've had new keys in place for a few days or a week, with no problems, simply delete the old keys.

    You can leave the old keys in GitHub, as, once you click 'Make Inactive', they are useless anyways.
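Before rotating, it helps to know exactly which access key IDs reached the history, since every one of them has to be made inactive in IAM. The following is an added example, not part of the original answer: a small Ruby scanner over the text of `git log -p --all`. The function name and the sample log are constructed for illustration; the key IDs in the sample are the placeholder values AWS uses in its documentation.

```ruby
# Added example: list the AWS access key IDs that were committed, and the
# commits that introduced them, so each one can be deactivated in IAM.
# Long-term IAM user access key IDs are "AKIA" plus 16 upper-case
# letters or digits.
ACCESS_KEY_ID = /\bAKIA[0-9A-Z]{16}\b/

# Takes the text of `git log -p --all` and returns
# { key_id => [commit shas whose added lines contain it] }.
def leaked_key_ids(log_text)
  found = Hash.new { |h, k| h[k] = [] }
  commit = nil
  log_text.each_line do |line|
    if (m = line.match(/\Acommit ([0-9a-f]{7,40})\b/))
      commit = m[1]                       # start of a new commit
    elsif line.start_with?("+") && !line.start_with?("+++")
      # Only added lines: this is where a key first entered the history.
      line.scan(ACCESS_KEY_ID) do |key_id|
        found[key_id] << commit unless found[key_id].include?(commit)
      end
    end
  end
  found
end

# Constructed sample resembling `git log -p --all` output.
SAMPLE_LOG = <<~LOG
  commit 1111111aaaaaaa
      set up carrierwave with fog
  +++ b/config/initializers/carrierwave.rb
  +    aws_access_key_id: 'AKIAIOSFODNN7EXAMPLE',
  commit 2222222bbbbbbb
      move keys to ENV
  -    aws_access_key_id: 'AKIAIOSFODNN7EXAMPLE',
  +    aws_access_key_id: ENV['AWS_ACCESS_KEY_ID'],
  commit 3333333ccccccc
      experiment on another branch
  +AWS_KEY = "AKIAI44QH8DHBEXAMPLE"
LOG

if __FILE__ == $0
  # Pass a file holding saved `git log -p --all` output, or run on the sample.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOG
  leaked_key_ids(text).each do |key_id, commits|
    puts "#{key_id}  first added in: #{commits.join(', ')}"
  end
end
```

Note that commit 2222222 removes the key from the working tree but not from the history, which is why the key still has to be made inactive.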