Secrets Scanning and Hardcoded Credentials
Prevent API keys and passwords from being committed using git-secrets, gitleaks, and pre-commit hooks.
The Hardcoded Secrets Problem
Developers accidentally commit API keys, passwords, private keys, and tokens to source-code repositories. Once a secret is in git history it persists in every clone and fork even after the file is deleted in a later commit; purging it requires rewriting history, and because it may already have been copied, the credential must also be rotated. Public repositories are scraped by bots within seconds of a push, so any key that lands in one should be treated as compromised.
What Gets Committed
Common secrets found in repositories:
- AWS access keys (AKIA...)
- GitHub personal access tokens
- Database passwords in config files
- Stripe/payment API keys
- Private TLS/SSH keys
- Slack webhook URLs
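As an added example (not part of the original lesson, and not the code of git-secrets or gitleaks), the following Python pre-commit hook scans the staged contents of every file in the index for the secret types listed above, falls back to a Shannon-entropy check for random-looking quoted values so that placeholders such as CHANGE_ME are not flagged, skips lines carrying an assumed `pragma: allowlist secret` marker, and blocks the commit while printing only a redacted prefix of each hit. The regexes, the 4.0 bits-per-character threshold, the allow-list marker and the sample config are this example's own choices; every sample value is fake (the AWS key is the documented example key from AWS's own documentation).

```python
#!/usr/bin/env python3
"""Minimal pre-commit secret scanner (added example; not gitleaks or git-secrets)."""
import math
import re
import subprocess
import sys
from collections import Counter
from typing import List, NamedTuple

# High-confidence patterns for the secret types listed in the lesson.
PATTERNS = {
    # AWS long-term (AKIA) and STS temporary (ASIA) access key IDs.
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # GitHub classic personal access tokens.
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    # Stripe live secret / restricted keys.
    "stripe_secret_key": re.compile(r"\b[sr]k_live_[0-9a-zA-Z]{24,}\b"),
    # Slack incoming webhook URLs.
    "slack_webhook": re.compile(
        r"https://hooks\.slack\.com/services/T[A-Z0-9]{8,}/B[A-Z0-9]{8,}/[A-Za-z0-9]{20,}"),
    # PEM private key headers (RSA, EC, OPENSSH, ENCRYPTED, ...).
    "private_key": re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----"),
    # Quoted password literals in config files.
    "password_assignment": re.compile(
        r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]([^'\"\s]{8,})['\"]"),
}
# Fallback for quoted token-like values; gated by entropy so placeholders do not fire.
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)(?:api[_-]?key|secret|token)\s*[=:]\s*['\"]([A-Za-z0-9+/=_\-]{20,})['\"]")
ENTROPY_THRESHOLD = 4.0  # bits/char; this example's choice, random base64 scores ~5-6
ALLOWLIST_MARKER = "pragma: allowlist secret"  # assumed convention for this example


class Finding(NamedTuple):
    path: str
    line: int
    rule: str
    redacted: str


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character of `value` (0.0 for empty input)."""
    if not value:
        return 0.0
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in Counter(value).values())


def redact(secret: str) -> str:
    """Keep a 4-char prefix so the hit is recognisable without echoing the secret."""
    return f"{secret[:4]}...[{len(secret)} chars]"


def scan_text(text: str, path: str = "<stdin>") -> List[Finding]:
    """Return one Finding per rule hit; the entropy rule runs only if no specific rule hit."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ALLOWLIST_MARKER in line:
            continue
        hit = False
        for rule, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                secret = m.group(1) if m.groups() else m.group(0)
                findings.append(Finding(path, lineno, rule, redact(secret)))
                hit = True
        if hit:
            continue
        for m in GENERIC_ASSIGNMENT.finditer(line):
            if shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
                findings.append(Finding(path, lineno, "high_entropy_string", redact(m.group(1))))
    return findings


def staged_files() -> List[str]:
    """Paths added/copied/modified in the index, i.e. what this commit will contain."""
    out = subprocess.run(["git", "diff", "--cached", "--name-only", "--diff-filter=ACM"],
                         capture_output=True, text=True, check=True).stdout
    return [p for p in out.splitlines() if p]


def staged_content(path: str) -> str:
    """Read the staged (index) version of `path`, not the working-tree copy."""
    return subprocess.run(["git", "show", f":{path}"], capture_output=True,
                          text=True, errors="replace", check=True).stdout


# Constructed sample config; every value is fake or an AWS-documented example.
SAMPLE_CONFIG = """\
# constructed sample, not a real config
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
GITHUB_TOKEN = "ghp_0123456789abcdefghijABCDEFGHIJ012345"
DB_PASSWORD = "hunter2hunter2"
STRIPE_KEY = "sk_live_000000000000000000000000"
SLACK_WEBHOOK = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
api_key = "CHANGE_ME_PLACEHOLDER"
token = "Zq9vK2mXp8LwR4tY7nB3sD6fH1jG5kA0"
test_password = "not-real-really"  # pragma: allowlist secret
-----BEGIN RSA PRIVATE KEY-----
"""


def demo() -> List[Finding]:
    """Scan the constructed sample; lines 7 and 9 must produce no findings."""
    return scan_text(SAMPLE_CONFIG, "sample.env")


def main() -> int:
    findings = [f for p in staged_files() for f in scan_text(staged_content(p), p)]
    for f in findings:
        print(f"{f.path}:{f.line}: {f.rule}: {f.redacted}")
    if findings:
        print("Commit blocked: remove the secret from the staged change and, if it was "
              "ever pushed or shared, rotate it.", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Install it as `.git/hooks/pre-commit` (executable) or wire it into a pre-commit framework. Two caveats a practitioner should keep in mind: a client-side hook only protects machines where it is installed and only catches new commits, so history still has to be scanned with a tool such as gitleaks (`gitleaks detect`) and enforced server-side or in CI; and a hit means the credential is rotated, not merely removed from the file, since the scan cannot tell you whether the value was already copied.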