Skip to content

Commit

Permalink
Merge pull request #2837 from OpenSecuritySummit/Alone2671-patch-1055
Browse files Browse the repository at this point in the history 
Create Stop-Committing-Your-Secrets-Git-Hooks-To-The-Rescue.md
  • Loading branch information
@Alone2671
Alone2671 authored Dec 17, 2023
2 parents 500a3f8 + 7a737cd commit 0b5de85
Showing 1 changed file with 38 additions and 0 deletions.
38 changes: 38 additions & 0 deletions ...i-summits/Jan/DevSecOps/Stop-Committing-Your-Secrets-Git-Hooks-To-The-Rescue.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
---
title : "Stop Committing Your Secrets - Git Hooks To The Rescue"
track : DevSecOps
project : DevSecOps
type : working-session
topics :
featured :
event : mini-summit
when_year : 2024
when_month : Jan
when_day : Thu
when_time : WS-15-16
hey_summit :
session_slack:
#status : draft
description :
banner :
organizers :
- Dwayne McDaniel

youtube_link :
zoom_link :
---

## About this session
"No one wants their keys, passwords, and other secrets exposed. Ideally, no developer would ever hardcode anything like that into their work, but unfortunately, a lot of repos are just one bad push from the world gaining access to sensitive data and mission-critical systems. In the best-case scenario, you discover the issue and fix it before something terrible happens, but in the worse cases, you don’t find out until it is far too late. Just ask folks like Uber or Twitch.

Most devs are familiar with using .env and .gitignore files to help prevent Git from tracking specific files and folders. But did you know that you can leverage git hooks, and some open source awesomeness, to keep from accidentally committing your secrets in the first place?

Walk away from this session with some concrete actions you and your devs can take to make sure no secrets make it into your shared hosted repos ever again!
But that is just the start. If you are not actively using Git hooks in your workflows, then this talk is for you. Let's look into the .git folder and unlock a whole world of automation possibilities!

My hope with this session is to help everyone add some easy-to-implement automation to their workflows to prevent making more extreme, and costly, kind of mistakes."

### Publication:
https://blog.gitguardian.com/how-to-use-ggshield-to-avoid-hardcoded-secrets-cheat-sheet-included/


0 comments on commit 0b5de85

Please sign in to comment.