Dwayne McDaniel

Stop Committing Your Secrets - GIt Hooks To The Rescue!

What if you could automatically block secrets from ever entering your Git history? Learn how pre-commit hooks prevent costly leaks before they happen.

Stop Committing Your Secrets - GIt Hooks To The Rescue!
#1about 4 minutes

The high cost of accidental secret leaks in code

Major companies like Uber, Toyota, and Samsung have suffered significant breaches due to hard-coded credentials found in source code.

#2about 7 minutes

Why hard-coded secrets are a growing developer problem

The number of secrets exposed in public repositories is growing faster than developer population growth, often due to hurried workflows.

#3about 6 minutes

How Git's design makes committed secrets permanent

Git stores a complete, compressed snapshot of files for every commit, meaning a secret committed once remains in the repository's history forever.

#4about 5 minutes

Why manual secret management is not enough

Relying solely on .gitignore files or vaults is insufficient because human error can lead to accidental commits, which are very difficult to remove from history.

#5about 9 minutes

Automating secret prevention using local Git hooks

Git hooks provide a built-in automation platform to run scripts that can scan for secrets and block commits before they are created.

#6about 5 minutes

Comparing open source tools for secret detection

Several open source tools like AWS Git Secrets, TruffleHog, and GG Shield can be used to implement pre-commit hooks for secret detection.

#7about 2 minutes

Demo of a Git hook blocking a secret commit

A practical demonstration shows how a pre-commit hook (GG Shield) detects hard-coded AWS keys and prevents the commit from completing.

#8about 16 minutes

Key takeaways for preventing secret leaks in code

The best strategy is to avoid committing secrets in the first place by using automation like Git hooks and leveraging open source tools.

Related jobs
Jobs that call for the skills explored in this talk.

Featured Partners

Related Videos

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

Walking into the era of Supply Chain Risks37:36

Walking into the era of Supply Chain Risks

Vandana Verma

DevSecOps: Security in DevOps33:20

DevSecOps: Security in DevOps

Aarno Aukia

You can’t hack what you can’t see29:34

You can’t hack what you can’t see

Reto Kaeser

Cyber Security: Small, and Large!37:32

Cyber Security: Small, and Large!

Martin Schmiedecker

Best Practices for Using GitHub Secrets36:33

Best Practices for Using GitHub Secrets

Marcel Lupo

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR40:38

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR

Anna Bacher

Securing secrets in the GitOps Era58:52

Securing secrets in the GitOps Era

Davide Imola

From learning to earning

Jobs that call for the skills explored in this talk.

Fullstack Engineer (Secure)

Sysdig
Municipality of Madrid, Spain

Intermediate
React
Unit Testing
Microservices
Software Architecture