Dwayne McDaniel

Stop Committing Your Secrets - Git Hooks To The Rescue!

What if you could automatically block secrets from ever entering your Git history? Learn how pre-commit hooks prevent costly leaks before they happen.

#1 about 4 minutes

The high cost of accidental secret leaks in code

Major companies like Uber, Toyota, and Samsung have suffered significant breaches due to hard-coded credentials found in source code.

#2 about 7 minutes

Why hard-coded secrets are a growing developer problem

The number of secrets exposed in public repositories is growing faster than the developer population, often because of hurried workflows.

#3 about 6 minutes

How Git's design makes committed secrets permanent

Git stores a complete, compressed snapshot of files for every commit, meaning a secret committed once remains in the repository's history forever.

#4 about 5 minutes

Why manual secret management is not enough

Relying solely on .gitignore files or vaults is insufficient because human error can lead to accidental commits, which are very difficult to remove from history.

#5 about 9 minutes

Automating secret prevention using local Git hooks

Git hooks provide a built-in automation platform to run scripts that can scan for secrets and block commits before they are created.

#6 about 5 minutes

Comparing open source tools for secret detection

Several open source tools like AWS Git Secrets, TruffleHog, and GG Shield can be used to implement pre-commit hooks for secret detection.

#7 about 2 minutes

Demo of a Git hook blocking a secret commit

A practical demonstration shows how a pre-commit hook (GG Shield) detects hard-coded AWS keys and prevents the commit from completing.
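
The kind of hook chapters #5 and #7 describe, as an added example that is not code from the talk or from GG Shield: a `pre-commit` script that scans staged additions for AWS access key ID patterns and aborts the commit on a match. The function name, the sample diff and the key in it are constructed for illustration, and only this one secret type is checked.

```shell
#!/bin/sh
# Added example (not from the talk): install as .git/hooks/pre-commit, chmod +x.
# Assumption: only AWS access key IDs are checked; names below are illustrative.

# "AKIA" (long-term) or "ASIA" (temporary) followed by 16 uppercase alphanumerics.
AWS_KEY_ID_RE='(AKIA|ASIA)[0-9A-Z]{16}'

# Constructed sample diff; the key is made up and matches the pattern only by shape.
SAMPLE_LEAK_DIFF='+++ b/config.py
@@ -0,0 +1,2 @@
+REGION = "eu-west-1"
+AWS_ACCESS_KEY_ID = "AKIAABCDEFGHIJKLMNOP"'

# Reads a unified diff on stdin. Prints added lines that contain a key-shaped
# string to stderr and returns 1; returns 0 when the additions are clean.
scan_added_lines() {
    hits=$(grep -E '^\+' \
        | grep -Ev '^\+\+\+ (b/|/dev/null)' \
        | grep -E -- "$AWS_KEY_ID_RE" || true)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Git runs this file as "pre-commit"; a non-zero exit aborts the commit.
if [ "${0##*/}" = "pre-commit" ]; then
    if ! git diff --cached --no-color -U0 | scan_added_lines; then
        echo "pre-commit: AWS access key ID pattern in staged changes, commit blocked" >&2
        exit 1
    fi
fi
```

A local hook runs only in clones where it has been installed, and `git commit --no-verify` skips it, so it complements server-side or CI scanning rather than replacing it.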

#8 about 16 minutes

Key takeaways for preventing secret leaks in code

The best strategy is to avoid committing secrets in the first place by using automation like Git hooks and leveraging open source tools.
