
A nice approach, if you have sufficient control over the form of your secrets, is to prefix each secret with "MY_COMPANY_SECRET_DO_NOT_COMMIT:". Then you can add a commit hook that refuses to commit if any committed file contains that substring, etc. etc.
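One way to implement the commit hook described in this comment, as an added example that is not part of the thread: a POSIX sh pre-commit hook that scans the staged blobs for the marker substring (the marker value is an assumed placeholder; install the script as .git/hooks/pre-commit).

```shell
#!/bin/sh
# .git/hooks/pre-commit: refuse the commit when any staged file carries the
# prefix that every secret starts with. MARKER is an assumed placeholder.
MARKER="MY_COMPANY_SECRET_DO_NOT_COMMIT:"

# Read content on stdin; exit 0 if it contains MARKER, 1 otherwise.
# -F treats the marker as a fixed string (no regex meaning for ':' or '_'),
# -q makes the exit status the only output.
has_marker() {
    grep -qF -- "$MARKER"
}

# Scan the named files on disk; print each one that matches and return 0
# when at least one did, 1 when all are clean. Handy for a manual sweep.
find_marked_files() {
    hit=1
    for path in "$@"; do
        if has_marker < "$path"; then
            printf '%s\n' "$path"
            hit=0
        fi
    done
    return $hit
}

# Hook body: scan the staged blob (git show :path), not the working copy, so
# an unstaged edit can neither hide a staged secret nor block a clean commit.
# Runs only when git invokes the file as the hook, so it can also be sourced.
if [ "${0##*/}" = "pre-commit" ]; then
    git diff --cached --name-only --diff-filter=ACMR |
    while IFS= read -r path; do
        if git show ":$path" | has_marker; then
            printf 'pre-commit: secret marker found in staged %s\n' "$path" >&2
            exit 1   # leaves the pipeline subshell with status 1
        fi
    done || exit 1
fi
```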


Great idea, but hard to enforce. Just use a scanning CLI like TruffleHog, Gitleaks, or ggshield from GitGuardian to catch all sorts of hardcoded secrets.



