Dwayne McDaniel

Stop Committing Your Secrets - GIt Hooks To The Rescue!

What if you could automatically block secrets from ever entering your Git history? Learn how pre-commit hooks prevent costly leaks before they happen.

Stop Committing Your Secrets - GIt Hooks To The Rescue!
#1about 4 minutes

The high cost of accidental secret leaks in code

Major companies like Uber, Toyota, and Samsung have suffered significant breaches due to hard-coded credentials found in source code.

#2about 7 minutes

Why hard-coded secrets are a growing developer problem

The number of secrets exposed in public repositories is growing faster than developer population growth, often due to hurried workflows.

#3about 6 minutes

How Git's design makes committed secrets permanent

Git stores a complete, compressed snapshot of files for every commit, meaning a secret committed once remains in the repository's history forever.

#4about 5 minutes

Why manual secret management is not enough

Relying solely on .gitignore files or vaults is insufficient because human error can lead to accidental commits, which are very difficult to remove from history.

#5about 9 minutes

Automating secret prevention using local Git hooks

Git hooks provide a built-in automation platform to run scripts that can scan for secrets and block commits before they are created.

#6about 5 minutes

Comparing open source tools for secret detection

Several open source tools like AWS Git Secrets, TruffleHog, and GG Shield can be used to implement pre-commit hooks for secret detection.

#7about 2 minutes

Demo of a Git hook blocking a secret commit

A practical demonstration shows how a pre-commit hook (GG Shield) detects hard-coded AWS keys and prevents the commit from completing.

#8about 16 minutes

Key takeaways for preventing secret leaks in code

The best strategy is to avoid committing secrets in the first place by using automation like Git hooks and leveraging open source tools.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Shifting from talent acquisition to talent architecture
03:28 MIN

Shifting from talent acquisition to talent architecture

The Future of HR Lies in AND – Not in OR

Understanding global differences in work culture and motivation
06:10 MIN

Understanding global differences in work culture and motivation

The Future of HR Lies in AND – Not in OR

Preventing exposed API keys in AI-assisted development
03:45 MIN

Preventing exposed API keys in AI-assisted development

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

The importance of a fighting spirit to avoid complacency
06:04 MIN

The importance of a fighting spirit to avoid complacency

The Future of HR Lies in AND – Not in OR

How AI can create more human moments in HR
03:13 MIN

How AI can create more human moments in HR

The Future of HR Lies in AND – Not in OR

How the HR function has evolved over three decades
05:10 MIN

How the HR function has evolved over three decades

The Future of HR Lies in AND – Not in OR

Navigating ambiguity as a core HR competency
04:22 MIN

Navigating ambiguity as a core HR competency

The Future of HR Lies in AND – Not in OR

Balancing business, technology, and people for holistic success
06:51 MIN

Balancing business, technology, and people for holistic success

The Future of HR Lies in AND – Not in OR

Featured Partners

Related Videos

See all videos
Best Practices for Using GitHub Secrets36:33

Best Practices for Using GitHub Secrets

Marcel Lupo

Securing Secrets in the GitOps era58:57

Securing Secrets in the GitOps era

Alex Soto

Real-World Security for Busy Developers29:50

Real-World Security for Busy Developers

Kevin Lewis

Securing secrets in the GitOps Era58:52

Securing secrets in the GitOps Era

Davide Imola

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

How GitHub secures open source25:28

How GitHub secures open source

Joseph Katsioloudes

Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

Supply Chain Security and the Real World: Lessons From Incidents24:47

Supply Chain Security and the Real World: Lessons From Incidents

Adrian Mouat

Related Articles

View all articles
DC
Daniel Cranney
Dev Digest 194: AI vs. Version Control, Password Louvre & Cursed Webdev
Inside last week’s Dev Digest 194 . 🧠 Learn how to become an AI-native software engineer 🤷‍♂️ How can you stand out when anyone can build anything? 👂 Whisper Leak allows listening to encrypted chats 🐝 What’s new the OWASP2025 Top Ten List 🙅‍♀️ Curse...
Dev Digest 194: AI vs. Version Control, Password Louvre & Cursed Webdev
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
BR
Benjamin Ruschin
GitHub’s Hidden Keyboard Shortcuts to Boost Your Productivity
Developers just love shortcuts. Whether it’s quickly navigating your favourite IDE, switching between tabs in a browser or saving time and clicks with a CLI command, we all love finding ways of shaving seconds off of repetitive tasks. Despite many of...
GitHub’s Hidden Keyboard Shortcuts to Boost Your Productivity

From learning to earning

Jobs that call for the skills explored in this talk.