If you are reading this because you are worried about your personal data or, worse, your secrets, you may have a bigger problem than you realise. The secrets discussed here are the ones that end up on GitHub: API keys, usernames, passwords, and other sensitive information committed to repositories. Thankfully, there are solutions. Here is what you need to know.
Can you know if your company is leaking secrets?
Let’s start with the bad news. Over two million secrets were detected [PDF] on public GitHub in 2020 alone, and the number shows no sign of slowing down: it has been growing by roughly 20% every year. Part of the problem is that companies are not taking the issue seriously enough.
As a result, they are either unequipped to deal with it or they simply (try to) ignore it. But the issue won’t go away that easily.
So how can you tell whether your secrets are safe, or whether they are sitting where others can find and use them? There is software that scans GitHub for secrets. Once a scan completes, it alerts you to any sensitive information about your company that it has uncovered, whether in your internal repositories or on public GitHub.
Where does the problem come from?
According to a study, the core of the problem lies outside corporate control: most leaks happen in developers’ personal public repositories, which the company neither owns nor can monitor. It has no power over what is pushed there, yet it is still the company’s secrets that end up exposed.
What are the secrets that are leaked?
Secrets in business mean the same thing as they do in private life: things we don’t want others to know. Usually they are sensitive data that should never be made public, whether about the company itself, its clients, or its users.
Most often they are digital authentication credentials that grant access to private data, system information, or particular services: API keys, usernames and passwords, and security certificates (more precisely, the private keys behind them).
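To make the secret scan described above and the kinds of credentials just listed concrete, here is a minimal scanner added as an example. It is not code from this page or from any scanning product. It combines fixed-format rules (an AWS access key ID, a GitHub token, a PEM private key header, a password or API key assignment) with a Shannon-entropy check for long random-looking strings that no rule recognises. The token formats are assumptions chosen for illustration, and the configuration file it scans is constructed for the example; every value in it is fake.

```python
"""Minimal secret scanner: pattern rules plus an entropy heuristic.

Added example; not the page's own code or any vendor's product. The token
formats below are assumptions made for illustration, not an authoritative list.
"""
import math
import re
from dataclasses import dataclass

# Specific formats first so they take precedence over the generic rules.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "password_assignment": re.compile(
        r"(?i)(?:password|passwd|pwd)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
    "generic_api_key": re.compile(
        r"(?i)(?:api[_-]?key|secret[_-]?key|token)\s*[:=]\s*['\"]([A-Za-z0-9_\-]{16,})['\"]"),
}

# Any quoted string this long and this random deserves a look even when no
# rule knows its format (home-grown session secrets, for example).
CANDIDATE = re.compile(r"['\"]([A-Za-z0-9+/=_\-]{20,})['\"]")
ENTROPY_THRESHOLD = 4.0  # bits per character; tune against your own false-positive rate


@dataclass(frozen=True)
class Finding:
    kind: str
    line_no: int
    value: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str, keep: int = 4) -> str:
    """Show only a short prefix so the scanner's own report does not leak the secret."""
    return value[:keep] + "*" * max(0, len(value) - keep)


def scan_text(text: str, entropy_threshold: float = ENTROPY_THRESHOLD) -> list:
    """Return one Finding per (line, value); a value matched by a rule is not
    reported a second time by the entropy heuristic."""
    findings = []
    seen = set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if (line_no, value) not in seen:
                    seen.add((line_no, value))
                    findings.append(Finding(kind, line_no, value))
        for m in CANDIDATE.finditer(line):
            value = m.group(1)
            if (line_no, value) in seen:
                continue
            if shannon_entropy(value) >= entropy_threshold:
                seen.add((line_no, value))
                findings.append(Finding("high_entropy_string", line_no, value))
    return findings


# Constructed sample input; none of these values is a real credential.
SAMPLE_CONFIG = """\
# settings.py -- constructed sample, every value here is fake
DEBUG = True
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DB_PASSWORD = "hunter2hunter2"
GITHUB_TOKEN = "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef0123"
SESSION_SECRET = "Z8k2pQ9vL3mN7xR4tY6wB1cD5eF0gH"
GREETING = "hello_world_hello_world_hello"
SIGNING_KEY = \"\"\"-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAK...
-----END RSA PRIVATE KEY-----\"\"\"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.kind}: {redact(f.value)}")
```

Run against the sample, the scanner reports the AWS key, the password, the GitHub token, the random session secret (caught only by the entropy check) and the private key header, and stays quiet on the low-entropy `GREETING` string. Two caveats a practitioner should keep in mind: rules like these both miss secrets that do not look random (most human-chosen passwords) and flag harmless random strings, so a finding is a prompt to rotate and revoke, not proof of compromise; and because Git keeps every past version, the same function should be pointed at the output of `git log -p`, not only at the current tree, since a secret deleted in a later commit is still readable in history.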
Why does this happen so frequently?
The issue stems from poor developer practice when coding. Too often developers use the same GitHub account for professional and personal work, which is how company secrets end up in personal public repositories. Although the responsibility rests on their shoulders, it has to be said that they handle an ever larger number of secrets, which makes their job considerably harder.