Over a million developers have joined DZone.

Avoid Passing Security Credentials to GitHub

DZone's Guide to

Avoid Passing Security Credentials to GitHub

A simple tool to prevent users from committing sensitive information in GitHub commits.

· Agile Zone
Free Resource

Reduce testing time & get feedback faster through automation. Read the Benefits of Parallel Testing, brought to you in partnership with Sauce Labs.

Your AWS account is a valuable target for bad guys. With access to your security credentials, an attacker is potentially able to steal sensitive data, utilize your resources, or sabotage your infrastructure.

Two years ago AWS and their customers observed that bad guys started to crawl public GitHub repositories for security credentials that would grant them access to AWS accounts. Turns out even the most cautious engineer commits secrets to public GitHub repositories from time to time. We are all humans!

Image title

When working with one of our consulting clients to increase the security of their environment, we found a helpful tool to prevent users from adding secrets to their Git repositories: git-secrets.

git-secrets allows you to create hooks for your local repositories. Should you ever try to commit security credentials the commit will fail.


The following steps will download and install the latest version of git-secrets.

git clone https://github.com/awslabs/git-secrets  
cd git-secrets  
make install  


git-secrets allows you to search for any secrets. You are able to add custom providers or use the pre-defined provider to scan for AWS security credentials.

git secrets --register-aws --global  

You are not done yet! Next you need to add hooks to all your local repositories.

cd /path/to/repository  
git secrets --install  

Add a configuration template if you want to add hooks to all repositories you initialize or clone in the future.

git secrets --install ~/.git-templates/git-secrets  
git config --global init.templateDir ~/.git-templates/git-secrets  

git-secrets is a simple tool preventing you from committing secrets and credentials into Git repositories. 

The Agile Zone is brought to you in partnership with Sauce Labs. Discover how to optimize your DevOps workflows with our cloud-based automated testing infrastructure.

github ,aws

Published at DZone with permission of Andreas Wittig, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.


Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.


{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}