Secrets Detection Hub

Learn more about secrets detection

Whether you’re brand new to secrets detection, or want to learn advanced remediation strategies, this is your hub for secrets detection knowledge.

Secrets and secret sprawl

What are secrets in the software development world?

What is secret sprawl?

What are some of the best practices to securely manage secrets like API keys?

What are the threats associated with secret sprawl?

What makes secret sprawl such a common problem?

Secrets detection for Application Security

My source code is private, so why is hardcoding credentials in git considered a bad practice?

Why automate secrets scanning throughout the Software Development Life Cycle (SLDC)?

How does secrets detection compare with Static Application Security Testing (SAST)?

What are git hooks?

What is a pre-commit hook?

What is a pre-receive hook?

What is a post-receive hook?

Where in the DevOps pipeline to implement automated secrets scanning? Client-side or server-side?

Should secrets detection be blocking or non-blocking in the SDLC?

How to detect secrets in source code?

Why is it hard to detect secrets like API keys and other credentials?

Why do code reviews fail at finding secrets in source code?

What is a "good" secrets detection algorithm?

What is a false positive in secrets detection?

Are secrets detection algorithms language-dependent?

How to remediate sensitive data leaks such as API keys hardcoded in source code?

How to remediate secrets leaked publicly (on public GitHub for example)?

How to remediate secrets exposed internally (in a private repository for example)?

How to rewrite the git history and remove sensitive data from git?

How to deal with intellectual property leaks on GitHub?

GitGuardian and alternatives

What is GitGuardian?

What is GitGuardian Public Monitoring?

What is GitGuardian Internal Repositories Monitoring?