Security

detect-secrets plugin

Don't allow passwords to creep into your source control

Why do we care

Secrets (passwords, usernames, AWS keys, etc.) often work their way into source control repos.

  • Hackers are known to scan source code repos

detect-secrets to the rescue

Option 1: Git hook

Option 2: Make it part of your CI/CD pipeline

OK, let's assume that you work in a polyglot environment with a bunch of Java or Ruby developers who won't install Python without grunting and gnashing of teeth.

https://github.com/Yelp/detect-secrets/blob/master/.pre-commit-hooks.yaml
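
An added example, not taken from this page or from the detect-secrets project: a `.pre-commit-config.yaml` that wires the hook defined in the file linked above into the pre-commit framework, usable for both options. The `rev` value is a placeholder to replace with a pinned release tag, and `.secrets.baseline` is an assumed baseline path.

```yaml
# .pre-commit-config.yaml (added example, not the project's own file)
# One-time setup: record the findings that already exist and commit the result:
#   detect-secrets scan > .secrets.baseline
repos:
  - repo: https://github.com/Yelp/detect-secrets
    rev: REPLACE_WITH_PINNED_RELEASE_TAG   # placeholder: pin a real release tag
    hooks:
      - id: detect-secrets                 # hook id declared in .pre-commit-hooks.yaml
        # Fail on any secret that is not already recorded in the baseline.
        args: ['--baseline', '.secrets.baseline']   # assumed baseline path
# Option 1 (Git hook): each developer runs `pre-commit install` once per clone.
# Option 2 (CI/CD): the pipeline runs `pre-commit run --all-files`, so the
# check is enforced even when nobody has Python or the hook installed locally.
```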