Dwayne McDaniel
Stop Committing Your Secrets - Git Hooks To The Rescue!

#1 (about 4 minutes): The high cost of accidental secret leaks in code
Major companies like Uber, Toyota, and Samsung have suffered significant breaches due to hard-coded credentials found in source code.

#2 (about 7 minutes): Why hard-coded secrets are a growing developer problem
The number of secrets exposed in public repositories is growing faster than the developer population, often because of hurried workflows.

#3 (about 6 minutes): How Git's design makes committed secrets permanent
Git stores a complete, compressed snapshot of files for every commit, so a secret committed once remains in the repository's history forever.

#4 (about 5 minutes): Why manual secret management is not enough
Relying solely on .gitignore files or vaults is insufficient because human error can still lead to accidental commits, which are very difficult to remove from history.

#5 (about 9 minutes): Automating secret prevention using local Git hooks
Git hooks provide a built-in automation platform for running scripts that scan for secrets and block a commit before it is created.

#6 (about 5 minutes): Comparing open source tools for secret detection
Several open source tools, such as AWS git-secrets, TruffleHog, and ggshield, can be used to implement pre-commit hooks for secret detection.

#7 (about 2 minutes): Demo of a Git hook blocking a secret commit
A practical demonstration shows how a pre-commit hook (ggshield) detects hard-coded AWS keys and prevents the commit from completing.

#8 (about 16 minutes): Key takeaways for preventing secret leaks in code
The best strategy is to avoid committing secrets in the first place by using automation like Git hooks and leveraging open source tools.
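The mechanism described in chapters 5 and 7, as an added example that is not part of the talk or of any of the tools it names: a minimal POSIX sh pre-commit hook that scans the staged diff for an AWS access key ID pattern or a keyword-style credential assignment and refuses the commit. The two regexes, the function name and the messages are my own constructions; real scanners ship far larger rule sets.

```shell
#!/bin/sh
# Added example, not the talk's own code: a minimal pre-commit hook that
# refuses a commit when the staged diff adds something that looks like an
# AWS access key ID or a keyword-style credential assignment.
# Install by copying to .git/hooks/pre-commit and making it executable.
# Both patterns are constructed for illustration; ggshield, git-secrets
# and TruffleHog cover many more secret types and add entropy checks.

AWS_KEY_RE='AKIA[0-9A-Z]{16}'
KEYWORD_RE="(aws_secret_access_key|api_key|secret|password|token)[[:space:]]*[:=][[:space:]]*[\"']?[A-Za-z0-9/+=_-]{16,}"

# Read unified-diff text on stdin, keep only added lines (not the '+++'
# file header or removed '-' lines), and report any that match.
# Returns 1 when something is found so git aborts the commit, 0 otherwise.
scan_for_secrets() {
    findings=$(grep -E '^\+[^+]' | sed 's/^+//' \
        | grep -E -i -e "$AWS_KEY_RE" -e "$KEYWORD_RE" || true)
    if [ -n "$findings" ]; then
        printf 'pre-commit: possible secret(s) in staged changes:\n%s\n' "$findings" >&2
        printf 'Move the value to an environment variable or vault, then re-stage.\n' >&2
        return 1
    fi
    return 0
}

# Git runs the hook as .git/hooks/pre-commit; only then scan the index.
# -U0 drops context lines so unchanged code cannot trigger a false block.
case "$0" in
    */pre-commit|pre-commit)
        git diff --cached --no-color -U0 | scan_for_secrets
        ;;
esac
```

Bypassing with `git commit --no-verify` is always possible for a local hook, which is why the talk pairs this with server-side scanning rather than relying on the hook alone.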