Stranger danger — Prevent the leaking of secrets when committing code

Weiyuan
6 min read · May 31, 2020
When you accidentally commit secrets into your code, it seems as if the world is on fire — source: pixabay, author: 272447

Developers are expected to build solutions and write code.

However, as humans, we inevitably make mistakes. In some instances, this includes leaking secrets through the commits we push to our codebases. How can we minimise or prevent such incidents from occurring?

Introduction

Have you ever accidentally committed secrets into a code repository, or known someone who has? If you have worked on a codebase for some time, or have been with a team or company long enough, chances are that you have seen such incidents occur from time to time.

It is important that we address the issue directly when it is discovered: remove the files from the affected commits and branches, then garbage-collect the dangling commits. However, each incident can result in both direct and indirect financial loss to the company — the potential for leaked secrets to lead to bigger incidents, as well as the man-hours spent each time to clean up and rotate the leaked secrets. This applies to private code repositories as well, since repositories are not designed to manage secrets (for example, a developer may have access to the code, but not to the production secrets).
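One way to catch a secret before it ever lands in a commit is to scan the staged diff in a pre-commit hook. The following is an added example, not code from the original post: it reads a unified diff, inspects only the lines a commit would add, and flags them with a few illustrative detectors (a well-known key-ID prefix, private-key headers, secret-looking assignments, and high-entropy quoted strings). The sample diff is constructed for the demonstration; the AWS key value in it is the documented placeholder from AWS's own examples, and the rule list and entropy threshold are assumptions to be tuned per repository.

```python
import math
import re
import sys
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    path: str   # file the added line belongs to
    rule: str   # which detector fired
    line: str   # the offending added line, without the leading '+'


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random hex tops out at 4.0, base64 near 6.0."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


# Detectors are ordered by confidence; the first one that matches a line wins.
PATTERN_RULES = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key_block", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("keyword_assignment", re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*[\"'][^\"']{4,}[\"']")),
]
# Only quoted literals are entropy-checked: long identifiers such as
# compute_signature_for_request would otherwise exceed the threshold.
QUOTED_TOKEN_RE = re.compile(r"[\"']([A-Za-z0-9+/=_\-]{20,})[\"']")
ENTROPY_THRESHOLD = 3.5  # assumption: a loose starting point, raise it if noisy


def classify_line(line: str) -> Optional[str]:
    """Return the name of the first detector that fires on an added line, or None."""
    for name, pattern in PATTERN_RULES:
        if pattern.search(line):
            return name
    for token in QUOTED_TOKEN_RE.findall(line):
        if shannon_entropy(token) >= ENTROPY_THRESHOLD:
            return "high_entropy_string"
    return None


def scan_diff(diff_text: str) -> List[Finding]:
    """Walk a unified diff (as `git diff --cached` prints it) and inspect only added lines."""
    findings: List[Finding] = []
    path = "<unknown>"
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
            continue
        if not raw.startswith("+"):
            continue  # context, removed and header lines cannot introduce a new leak
        added = raw[1:]
        rule = classify_line(added)
        if rule:
            findings.append(Finding(path, rule, added.strip()))
    return findings


# Constructed sample diff: one config file gaining secrets, one new PEM file.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,6 @@
 import os
 DEBUG = False
-AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+db_password = "hunter2"
+SIGNING_SALT = "a3f91c7e0b5d28647d2e0a5b9c1f3846"
+LOG_LEVEL = "info"
diff --git a/deploy.pem b/deploy.pem
new file mode 100644
--- /dev/null
+++ b/deploy.pem
@@ -0,0 +1,2 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA...
"""


if __name__ == "__main__":
    # As a hook: `git diff --cached | python scan_secrets.py`; standalone: scans the sample.
    text = SAMPLE_DIFF if sys.stdin.isatty() else sys.stdin.read()
    hits = scan_diff(text)
    for hit in hits:
        print(f"{hit.path}: [{hit.rule}] {hit.line}")
    sys.exit(1 if hits else 0)
```

Wired into `.git/hooks/pre-commit`, a non-zero exit blocks the commit, which is far cheaper than rewriting history and rotating credentials afterwards. The keyword rule is deliberately loose and the entropy rule deliberately narrow; in practice a team would extend the pattern list with the credential formats it actually uses and keep an allow-list for known placeholders.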

Weiyuan

Senior Engineering Manager, Ascenda Loyalty | Former Engineering Manager, Grab | Former Director of Engineering, ZilLearn | bit.ly/weiyuan