Dwayne McDaniel
Stop Committing Your Secrets - GIt Hooks To The Rescue!
#1about 4 minutes
The high cost of accidental secret leaks in code
Major companies like Uber, Toyota, and Samsung have suffered significant breaches due to hard-coded credentials found in source code.
#2about 7 minutes
Why hard-coded secrets are a growing developer problem
The number of secrets exposed in public repositories is growing faster than developer population growth, often due to hurried workflows.
#3about 6 minutes
How Git's design makes committed secrets permanent
Git stores a complete, compressed snapshot of files for every commit, meaning a secret committed once remains in the repository's history forever.
#4about 5 minutes
Why manual secret management is not enough
Relying solely on .gitignore files or vaults is insufficient because human error can lead to accidental commits, which are very difficult to remove from history.
#5about 9 minutes
Automating secret prevention using local Git hooks
Git hooks provide a built-in automation platform to run scripts that can scan for secrets and block commits before they are created.
#6about 5 minutes
Comparing open source tools for secret detection
Several open source tools like AWS Git Secrets, TruffleHog, and GG Shield can be used to implement pre-commit hooks for secret detection.
#7about 2 minutes
Demo of a Git hook blocking a secret commit
A practical demonstration shows how a pre-commit hook (GG Shield) detects hard-coded AWS keys and prevents the commit from completing.
#8about 16 minutes
Key takeaways for preventing secret leaks in code
The best strategy is to avoid committing secrets in the first place by using automation like Git hooks and leveraging open source tools.
Related jobs
Jobs that call for the skills explored in this talk.
Technoly GmbH
Berlin, Germany
€50-60K
Intermediate
Network Security
Security Architecture
+2
aedifion GmbH
Köln, Germany
€30-45K
Intermediate
Network Security
Security Architecture
+1
Matching moments
03:45 MIN
Preventing exposed API keys in AI-assisted development
Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2
05:55 MIN
The security risks of AI-generated code and slopsquatting
Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2
05:32 MIN
Getting hired by contributing to open source projects
Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3
14:14 MIN
Scripting presentations and demos in VS Code
Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3
02:48 MIN
Building trust through honest developer advocacy
Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3
01:32 MIN
Organizing a developer conference for 15,000 attendees
Cat Herding with Lions and Tigers - Christian Heilmann
04:09 MIN
The emerging market for fixing AI-generated code
Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3
11:32 MIN
The industry's focus on frameworks over web fundamentals
WeAreDevelopers LIVE – Frontend Inspirations, Web Standards and more
Featured Partners
Related Videos
36:33Best Practices for Using GitHub Secrets
Marcel Lupo
58:57Securing Secrets in the GitOps era
Alex Soto
29:50Real-World Security for Busy Developers
Kevin Lewis
58:52Securing secrets in the GitOps Era
Davide Imola
44:30Securing Your Web Application Pipeline From Intruders
Milecia McGregor
25:28How GitHub secures open source
Joseph Katsioloudes
58:19Typed Security: Preventing Vulnerabilities By Design
Michael Koppmann
24:47Supply Chain Security and the Real World: Lessons From Incidents
Adrian Mouat
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
Onintigritissecurity
Remote
Splunk
Network Security
Guardian1821
Kilsby, United Kingdom
Azure
DevOps