segudev | 2 years ago | on: How to mitigate risk from secrets leaks
segudev's comments
segudev | 3 years ago | on: Show HN: Infisical – open-source secrets manager
I'm afraid I have to disagree. There are so many different needs it is impossible to discredit them so simply.
I recommend that readers take inspiration from this model of maturity to see more clearly: https://www.gitguardian.com/files/secrets-management-maturit...
segudev | 3 years ago | on: Billion-record stolen Chinese database for sale on breach forum
Unfortunately, it's not as simple as that.
Lots of secrets are "generic" (think of a DB user/password combination), meaning that you need to take into account the surrounding source code context to be able to determine if they are a "real" secret.
Here is a full explanation if you are interested: https://blog.gitguardian.com/why-detecting-generic-credentia...
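
An illustration of the point in the comment above, added here as an example (it is not segudev's code or GitGuardian's detector): a key with a fixed format can be matched on its own, while a generic DB password is only flagged when the surrounding assignment suggests a credential. The function names, patterns and thresholds are assumptions chosen for the demonstration.

```python
import math
import re

# Specific secret: AWS access key IDs carry a fixed prefix and length.
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Generic secret: no fixed format, so capture the assignment around it.
ASSIGNMENT = re.compile(
    r"""(?P<name>[A-Za-z_]\w*)\s*[:=]\s*(?P<q>["'])(?P<value>[^"']+)(?P=q)""")
SENSITIVE_NAME = re.compile(r"pass(word|wd)?|secret|token|api_?key", re.I)
PLACEHOLDER = re.compile(r"^(changeme|example|password|x{3,}|<.*>|\$\{.*\})$", re.I)
MIN_LEN, MIN_ENTROPY = 8, 3.0  # assumed thresholds, tune per code base


def shannon_entropy(s):
    """Bits per character; random-looking strings score higher."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def scan_line(line):
    """Return (kind, value) findings for one line of source code."""
    findings = [("aws_access_key_id", m.group(0)) for m in AWS_KEY_ID.finditer(line)]
    for m in ASSIGNMENT.finditer(line):
        name, value = m.group("name"), m.group("value")
        if AWS_KEY_ID.fullmatch(value):
            continue  # already reported by the specific detector
        if not SENSITIVE_NAME.search(name):
            continue  # context gives no hint that this is a credential
        if PLACEHOLDER.match(value) or len(value) < MIN_LEN:
            continue  # dummy value, or too short to be a real secret
        if shannon_entropy(value) >= MIN_ENTROPY:
            findings.append(("generic_credential", value))
    return findings


# Constructed sample lines (the AWS value is the example key ID from AWS docs).
SAMPLE = [
    'aws_key = "AKIAIOSFODNN7EXAMPLE"',
    'db_password = "t7#Kq9!vRz2mLp"',
    'db_password = "changeme"',
    'build_id = "t7#Kq9!vRz2mLp"',
    'password = os.environ["DB_PASSWORD"]',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{line!r:45} -> {scan_line(line)}")
```

The same string is reported under `db_password` and ignored under `build_id`, which is the context dependence the comment describes.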
segudev | 3 years ago | on: Billion-record stolen Chinese database for sale on breach forum
Indeed, last year we detected on average 84 AWS IAM creds for every 10k commits pushed to GitHub.
https://res.cloudinary.com/da8kiytlc/image/upload/v164614852...
page 1
GitGuardian can provide an automatic audit of your company-specific leaks we found on GitHub. Just ask: https://www.gitguardian.com/complimentary-audit-secrets-leak...
More details on how it works: https://blog.gitguardian.com/github-secrets-leak-free-audit/