Dwayne McDaniel
Stop Committing Your Secrets - GIt Hooks To The Rescue!
#1about 4 minutes
The high cost of accidental secret leaks in code
Major companies like Uber, Toyota, and Samsung have suffered significant breaches due to hard-coded credentials found in source code.
#2about 7 minutes
Why hard-coded secrets are a growing developer problem
The number of secrets exposed in public repositories is growing faster than developer population growth, often due to hurried workflows.
#3about 6 minutes
How Git's design makes committed secrets permanent
Git stores a complete, compressed snapshot of files for every commit, meaning a secret committed once remains in the repository's history forever.
#4about 5 minutes
Why manual secret management is not enough
Relying solely on .gitignore files or vaults is insufficient because human error can lead to accidental commits, which are very difficult to remove from history.
#5about 9 minutes
Automating secret prevention using local Git hooks
Git hooks provide a built-in automation platform to run scripts that can scan for secrets and block commits before they are created.
#6about 5 minutes
Comparing open source tools for secret detection
Several open source tools like AWS Git Secrets, TruffleHog, and GG Shield can be used to implement pre-commit hooks for secret detection.
#7about 2 minutes
Demo of a Git hook blocking a secret commit
A practical demonstration shows how a pre-commit hook (GG Shield) detects hard-coded AWS keys and prevents the commit from completing.
#8about 16 minutes
Key takeaways for preventing secret leaks in code
The best strategy is to avoid committing secrets in the first place by using automation like Git hooks and leveraging open source tools.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
05:30 MIN
Securing developer access and development tools
Securing your application software supply-chain
30:56 MIN
Securing workflows with secrets and best practices
CI/CD with Github Actions
00:35 MIN
Understanding the fundamentals of GitHub Secrets
Best Practices for Using GitHub Secrets
41:45 MIN
Key takeaways for securing your application pipeline
Securing Your Web Application Pipeline From Intruders
13:58 MIN
The risk of exposing credentials in Git repositories
Securing Secrets in the GitOps era
10:03 MIN
Prevent leaked secrets with push protection and scanning
Real-World Security for Busy Developers
40:22 MIN
Q&A on GitOps secret management practices
Securing secrets in the GitOps Era
08:33 MIN
Preventing leaked secrets and managing dependencies
How GitHub secures open source
Featured Partners
Related Videos
36:33Best Practices for Using GitHub Secrets
Marcel Lupo
58:52Securing secrets in the GitOps Era
Davide Imola
29:50Real-World Security for Busy Developers
Kevin Lewis
58:57Securing Secrets in the GitOps era
Alex Soto
44:30Securing Your Web Application Pipeline From Intruders
Milecia McGregor
33:29Programming secure C#/.NET Applications: Dos & Don'ts
Sebastian Leuer
58:19Typed Security: Preventing Vulnerabilities By Design
Michael Koppmann
25:28How GitHub secures open source
Joseph Katsioloudes
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
Fullstack Engineer (RoR/vue.js), Software Supply Chain Security AuthorizationGitlab
GitLab
€117-252K
Senior
Gitlab
Vue.js
PostgreSQL
Ruby on Rails