Dwayne McDaniel
Stop Committing Your Secrets - Git Hooks To The Rescue!
#1 about 4 minutes
The high cost of accidental secret leaks in code
Major companies like Uber, Toyota, and Samsung have suffered significant breaches due to hard-coded credentials found in source code.
#2 about 7 minutes
Why hard-coded secrets are a growing developer problem
The number of secrets exposed in public repositories is growing faster than developer population growth, often due to hurried workflows.
#3 about 6 minutes
How Git's design makes committed secrets permanent
Git stores a complete, compressed snapshot of files for every commit, meaning a secret committed once remains in the repository's history forever.
#4 about 5 minutes
Why manual secret management is not enough
Relying solely on .gitignore files or vaults is insufficient because human error can lead to accidental commits, which are very difficult to remove from history.
#5 about 9 minutes
Automating secret prevention using local Git hooks
Git hooks provide a built-in automation platform to run scripts that can scan for secrets and block commits before they are created.
#6 about 5 minutes
Comparing open source tools for secret detection
Several open source tools like AWS Git Secrets, TruffleHog, and GG Shield can be used to implement pre-commit hooks for secret detection.
#7 about 2 minutes
Demo of a Git hook blocking a secret commit
A practical demonstration shows how a pre-commit hook (GG Shield) detects hard-coded AWS keys and prevents the commit from completing.
#8 about 16 minutes
Key takeaways for preventing secret leaks in code
The best strategy is to avoid committing secrets in the first place by using automation like Git hooks and leveraging open source tools.
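As an added illustration of chapters #5 and #7 (not code from the talk or from any of the tools it names), here is a minimal pre-commit hook in POSIX shell that scans only the staged, added lines for AWS access key IDs and blocks the commit on a match. The function names, the regex and the sample diff are assumptions made for this example; the key in the sample is AWS's published documentation placeholder.

```shell
#!/bin/sh
# Added example: minimal pre-commit secret scan (not ggshield, git-secrets or TruffleHog).
# Save as .git/hooks/pre-commit and mark it executable to use it as a hook.

# AWS access key IDs: AKIA (long-term) or ASIA (temporary) plus 16 uppercase alphanumerics.
AWS_KEY_ID_RE='(AKIA|ASIA)[0-9A-Z]{16}'

# scan_added_lines: read a unified diff on stdin, print every added ("+") line
# that contains a key ID, and return 1 if at least one was found, else 0.
scan_added_lines() {
    hits=$(grep -E '^\+' | grep -E "$AWS_KEY_ID_RE" || true)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# sample_diff: constructed input for trying the scanner without a repository.
sample_diff() {
    cat <<'EOF'
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,0 +2,2 @@
+region = "eu-west-1"
+aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
EOF
}

# run_hook: scan what is staged for this commit; a non-zero return aborts the commit.
run_hook() {
    if ! findings=$(git diff --cached --unified=0 --no-color | scan_added_lines); then
        echo "pre-commit: possible AWS access key ID in staged changes:" >&2
        printf '%s\n' "$findings" >&2
        echo "Commit blocked. Unstage the value and load it from the environment or a vault." >&2
        return 1
    fi
}

# Act as a hook only when installed under the name pre-commit, so the
# functions above can also be sourced and exercised on their own.
case "$0" in
    *pre-commit) run_hook || exit 1 ;;
esac
```

A local hook is a convenience for the developer, not an enforcement point: `git commit --no-verify` skips it, and hooks are not copied by `git clone`, so server-side or CI scanning is still needed behind it.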