GitHub Secrets Leaks
The cluster revolves around discussions of accidentally committing secrets, credentials, and keys to GitHub repositories, the risks of exposure in public and private repos, GitHub's secret scanning features, and tools for detection and prevention.
Sample Comments
I doubt ppl would want to give github all their actual secrets
Any credentials that are pushed to GitHub are as good as immediately compromised.
Github monitors for public commits of service secrets. Not an excuse to commit secrets, but there is a bit of a safety net.
> When you push to a public repository, GitHub scans the content of the commits for secrets. If you switch a private repository to public, GitHub scans the entire repository for secrets.
> When secret scanning detects a set of credentials, we notify the service provider who issued the secret. The service provider validates the credential and then decides whether t
Try GitGuardian to monitor internal repos on GitHub, 100k+ developers use it to scan their commits for all sorts of credentials and secrets. https://bit.ly/3AHfI9d
GitHub can alter the CODE. Why should it play with just a key? If GitHub wants to pwn the whole world, it can do it right now.
Ah yes, giving your github credentials to a smart black box. What could possibly go wrong.
Does github guarantee that my private repo's contents are not being leaked this way in the future?
If your secrets are in your repo, you've probably already leaked them.
I wrote "The Github Threat" about this possible issue https://carlchenet.com/the-github-threat/
You're giving Github way too much unearned credit about its security practices