I’m using a github repo as a backup for my website. Is there any files or folders that I should avoid having in a public repo? I’m thinking of user accounts, kirby license key, or anything like that?
It is not a huge or critical website, so I do not mind at all having everything public. I just do not want to get screwed by hackers 
There’s a standard gitignore file in the starterkit. You can find it here: https://github.com/getkirby/starterkit/blob/master/.gitignore
You should also consider hiding your license key from the config file (see for example License in config.php and deployment) as well as any other critical information for APIs or authentication anywhere on your site.
Okay thank’s a lot for your answer, I will update my gitignore and hide the license key.