Source: dzone.com
Understanding Why Secrets Like API Keys Inside Git Are Such a ProblemCategory: Database, github, gitlab, automation
But the fact is, secrets inside git repositories is the current state of the world. Previously we have discussed why it is common to choose the path of least resistance when it comes to accessing and distributing secrets.
In addition to intentionally storing secrets in git, when secrets are not managed properly, it is very easy to lose track of them.
A few things to consider when storing secrets in private repositories: Another important consideration is that Code removed from a git repository is never actually gone.
While this scenario is very basic, add in hundreds of commits and files between master and a development branch and you can see how easy it is to miss secrets in code reviews.
In addition to intentionally storing secrets in git, when secrets are not managed properly, it is very easy to lose track of them.
A few things to consider when storing secrets in private repositories: Another important consideration is that Code removed from a git repository is never actually gone.
While this scenario is very basic, add in hundreds of commits and files between master and a development branch and you can see how easy it is to miss secrets in code reviews.
Related Articles
Community Partners
DevOps Careers