
Agreed ... use a pre-commit hook to scan your repository for high-entropy strings before they are forever enshrined in your history (https://github.com/dxa4481/truffleHog).



To be fair, though, history can be rewritten, albeit sometimes with some difficulty.


If a secret has ever been in Git then you probably can't know where it's been copied to and should treat it as likely to have been leaked.


Great idea! Thanks for linking to that tool.
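
The pre-commit scan for high-entropy strings suggested in the first comment, sketched as an added example (not part of the thread and not truffleHog's code). The token patterns and entropy limits in `RULES` are assumptions to tune per repository.

```python
#!/usr/bin/env python3
import math
import re
import subprocess
import sys
from collections import Counter

# Assumed rules: (token pattern, entropy limit in bits per character). Tune per repo.
RULES = [(re.compile(r"\b[0-9a-fA-F]{20,}\b"), 3.0),   # hex-looking runs
         (re.compile(r"[A-Za-z0-9+/=_-]{20,}"), 4.5)]   # base64-looking runs


def shannon_entropy(token):
    """Entropy of the token's character distribution, in bits per character."""
    return -sum(n / len(token) * math.log2(n / len(token))
                for n in Counter(token).values())


def find_high_entropy(diff_text):
    """Return [(path, token, bits)] for suspicious tokens on added diff lines."""
    findings, seen, path, in_hunk = [], set(), None, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False  # file headers follow, not content
        elif line.startswith("@@"):
            in_hunk = True
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif in_hunk and line.startswith("+"):  # removed lines are ignored
            for regex, limit in RULES:
                for token in regex.findall(line[1:]):
                    bits = shannon_entropy(token)
                    if bits > limit and (path, token) not in seen:
                        seen.add((path, token))
                        findings.append((path, token, round(bits, 2)))
    return findings


def main():
    # --cached limits the scan to staged changes; -U0 drops context lines.
    diff = subprocess.run(["git", "diff", "--cached", "-U0", "--no-color"],
                          capture_output=True, text=True, check=True).stdout
    findings = find_high_entropy(diff)
    for path, token, bits in findings:
        print(f"{path}: high-entropy token {token[:4]}... ({bits} bits)", file=sys.stderr)
    return 1 if findings else 0  # non-zero exit makes git abort the commit


if __name__ == "__main__":
    sys.exit(main())
```

Saved as `.git/hooks/pre-commit` and made executable, git runs it before each commit and aborts when it exits non-zero. Long identifiers such as function names stay under the limit because they reuse a small set of characters.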



