How to Find Secrets that are Accidentally Committed to Version Control System (Git)

Meme Credit: https://twitter.com/DZoneInc/status/1361420207793659904

Why Secrets in Git Repository are a big problem 🔐

How to Improve Organization Security 💡

How its Work? 🔨

Git-Secrets 🧰

git clone https://github.com/awslabs/git-secrets.git
cd git-secrets
make install
cd /path/to/my/repo
git init
git secrets --install
git secrets --register-aws
git secrets -register-azure

git secrets -register-aws

git secrets — register-gcp
git secrets --scan 
git secrets --scan-history
git secrets --scan /path/to/file

Truffle hog 🧰

sudo apt-get install python3-pip
pip install truffleHog
trufflehog git --help
trufflehog --regex --entropy=False </path/to/directory/of/repo>
trufflehog --regex --entropy=False https://github.com/dxa4481/truffleHog.git

trufflehog git https://github.com/trufflesecurity/trufflehog.git

Conclusion 🚀

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store