
199 points elza_1111 | 1 comments
edverma2 ◴[] No.44452644[source]
All devs should run open-source trufflehog as a precommit hook for all repositories on their local system. It’s not a foolproof solution, but it’s a small time investment to get set up and gives me reasonable assurance that I will not accidentally commit a secret. I’m unsure why this is not more widely considered standard practice.
replies(2): >>44452810 #>>44452859 #
ramon156 ◴[] No.44452859[source]
If I'm honest, I don't know how much this happens at work, and even if it does it's not the end of the world. Just scratch the commit from existence.

In my head, the people who accidentally share secrets are also the people who couldn't set up trufflehog with a precommit.

replies(2): >>44452916 #>>44453003 #
1. oreilles ◴[] No.44453003[source]
> Just scratch the commit from existence.

Unfortunately, that is impossible: https://trufflesecurity.com/blog/anyone-can-access-deleted-a...