ThetaPoint Blog

Leaky Secrets in Git - Instrumentation and Response

How Bad Can it git?

A recent research paper described a rigorous empirical study of the rate at which secrets (cryptographic keys, API credentials, etc.) are inadvertently leaked to GitHub through SCM (source code management) tools. The numbers they found were alarming. The research team identified hundreds of thousands of secrets in the public GitHub BigQuery dataset using simple search techniques. Additionally, they identified thousands of secrets per day using automated searches against the GitHub API.

How Does this Happen?

Mistaken Beliefs and Improper Usage

Developers, operators, and administrators can often misjudge the level of exposure that…