GitLeaks - Source Code Secrets Detection

Good day. It's Tuesday, Sep. 10, and in this issue, we're covering:

  • GitLeaks - Source Code Secrets Detection

  • Pulumi Improves Kubernetes Await Logic

  • Google Cloud introduces New log scopes for Cloud Logging

  • How Slack Re-architected for Their Largest Customers

  • Elevate Access Token Security by Demonstrating Proof-of-Possession

  • Automate AWS deployments with HCP Terraform and GitHub Actions

You share. We listen. As always, send us feedback at [email protected]

Use Case

GitLeaks - Source Code Secrets Detection

You know, back in 2016, Uber lost millions after sensitive secrets were exposed? Hackers gained unauthorized access to a private GitHub repository used by Uber engineers and then used the credentials to access AWS data storage​.

Uber Github Repository Source Code Credentials Example (credit: securonix)

This is a harsh reminder that even a single secret exposed in your source code can be disastrous. Many companies have faced similar challenges, suffering financial losses, damaged reputations, and regulatory penalties.

The problem? Secrets like API keys, database credentials, and private tokens sometimes find their way into source code repositories.

Unfortunately, this is relevant even today !

How Conventional Secrets Detection Works in CI/CD Pipelines

This is completely a reactive approach. Even if secrets are detected and cleaned up eventually, there may still be a time window where exposed secrets could be exploited, leading to security breaches, misuse of sensitive data, or unauthorized access.

This opens the door to both internal and external threats, jeopardizing the integrity of the project and the organization.

Why Detect Secrets Early in Development?

  1. Security breaches are costly: Reacting to a leak after it happens is expensive and time-consuming. The quicker you stop secrets from entering your codebase, the lower the risk.

  2. Secrets propagate: Once a secret is committed, it can easily spread across branches, projects, or even teams without notice, creating a cascading security risk.

  3. Build a proactive culture: Early detection instills a security-first mindset among developers, ensuring that no sensitive data leaves the local environment.

Secrets Detection with GitLeaks

GitLeaks offers a proactive solution by scanning for secrets before they enter the repository, as part of a pre-commit hook.

Here’s why this approach works better:

  • Pre-commit hooks: GitLeaks scans the code for secrets before any commit is made. If a secret is found, the commit is blocked, ensuring it never reaches the repository.

  • Immediate feedback: Developers get real-time alerts when secrets are detected, allowing them to address issues before the code moves forward.

  • Blocks bad commits: If GitLeaks detects a secret, it stops the commit dead in its tracks, preventing the leak from happening in the first place.

Sample run:

Remember, protecting sensitive information should start from the first line of code.

p.s. I am on twitter (X) now - Your support would mean a lot  

Drop by to Say Hello and Smash that ‘Follow’ Button !!

Tool Of The Day

Q  - Run SQL directly on CSV or TSV files

Trends & Updates

Resources & Tutorials

Picture Of The Day

Did someone forward this email to you? Sign up here

Interested in reaching smart techies?

Our newsletter puts your products and services in front of the right people - engineering leaders and senior engineers - who make important tech decisions and big purchases.