For developers, secret and credential leakage is a problem as old as public-facing repositories. Unfortunately, in 2021 it is officially a significant risk. One that is easy to ignore until it is too late. In a rush to deliver, developers will often hard-code credentials in code or neglect to review code for exposed secrets. The results can be embarrassing, at best – but devastatingly costly in other cases.
This whitepaper will review the dangers of secret leakage, the challenges in protecting secrets in the SDLC, and strategies for secret leakage mitigation.