A recent security incident at GitHub, where the engineering team accidentally committed their private security key into a public repository, alarmed other engineers and organizations.
A tech giant, and a pioneer and catalyst of Git, made a blunder that cost them having to re-create their private key, and it affected their customers too.
Read the full report here.
Having said that, we all now know how crucial it is to protect our secrets from being committed or pushed into our Git repositories, whether on GitHub, Bitbucket or GitLab.
How to deal with it? Here I have compiled a few tools that can help prevent these accidental security leaks and sensitive information from being committed or pushed.
Git Pre-Commit Hook Tools
So here are some tools that help you prevent accidental security leaks or sensitive information from being committed to your repository.
✅ git-secrets - Scans an existing repo, or runs as a pre-commit hook. Supports AWS, GCP and private key scanning.
✅ pre-commit - Creates and integrates multiple pre-commit hooks easily. Supports custom-written local pre-commit checks as well as remote repository plugins. One of my favourites.
✅ detect-secrets - From the labs of Microsoft; helps scan for API keys, secrets and passwords before they are committed. Can be integrated as a pre-commit hook.
✅ git-filter-repo / git-filter-branch - Help in identifying unwanted files across the commit history on the local and remote repo, and in removing accidentally committed files that contain secrets.
✅ BFG Repo-Cleaner - If you know `git-filter-repo` and `git-filter-branch` for cleaning history and files on the remote and local repo, BFG is an advanced and powerful version of the same, and much faster than the former.
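As an added example that is not from this post or from any of the tools listed above, here is a minimal POSIX-shell pre-commit hook of the kind git-secrets installs: it scans only the lines the commit adds for a PEM private-key header, an AWS access key ID, or a hard-coded password, and refuses the commit on a hit. The patterns, function names and sample lines are my own constructions.

```shell
#!/bin/sh
# Hypothetical pre-commit hook written for this post (not git-secrets or
# detect-secrets code). Install it as .git/hooks/pre-commit (chmod +x) and it
# refuses any commit whose staged additions contain a secret-like line.

# scan_secrets: reads text on stdin, prints every suspicious line (prefixed
# with its line number) and returns 1 when at least one was found, else 0.
scan_secrets() {
  hits=$(grep -nE \
    -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
    -e 'AKIA[0-9A-Z]{16}' \
    -e '[Pp]ass(word|wd)[[:space:]]*[=:][[:space:]]*[^[:space:]]{8,}' \
    -e '(secret|SECRET|api_key|API_KEY|token|TOKEN)[[:space:]]*[=:][[:space:]]*[^[:space:]]{8,}' \
    || true)   # "|| true": a clean input makes grep exit 1, which is not an error here
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# staged_additions: only the "+" lines of the staged diff, minus the
# "+++ b/file" headers, so content already in history is not re-flagged.
staged_additions() {
  git diff --cached --no-color -U0 | grep '^+' | grep -v '^+++ ' | sed 's/^+//'
}

run_hook() {
  if ! staged_additions | scan_secrets; then
    echo 'Commit blocked: a staged line looks like a private key, AWS key or password.' >&2
    exit 1
  fi
}

# Constructed sample input for a stand-alone self-check (not real credentials;
# AKIAIOSFODNN7EXAMPLE is the placeholder key ID used in AWS documentation).
SAMPLE_CLEAN='print("hello")
AWS_REGION=us-east-1'
SAMPLE_LEAK='aws_access_key_id = AKIAIOSFODNN7EXAMPLE
db_password = "hunter2hunter2"
-----BEGIN RSA PRIVATE KEY-----'

# Only act as a hook when git invokes the file under its hook name.
case "$0" in
  *pre-commit) run_hook ;;
esac
```

Run `printf '%s\n' "$SAMPLE_LEAK" | scan_secrets` after sourcing the file to see the three flagged lines; the same function is what the hook feeds with the staged diff.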
Cleaning secrets that are already committed
🚨 If you have already committed secrets accidentally, you can still revert it before it's too late. The following article can help you clear the files/evidence across local and remote repository commits.
That's it for now. We will keep this article updated.