Avoid security credentials on GitHub
Your AWS account is a valuable target for bad guys. With access to your security credentials an attacker is potential able to steal sensitive data, utilize resources on your costs, or sabotage your infrastructure.
Two years ago AWS and their customers observed that bad guys started to crawl public GitHub repositories for security credentials granting them access to AWS accounts. Turns out even the most cautious engineer commits secrets to public GitHub repositories from time to time. We are all humans!
When working with one of our consulting clients to increase the security of their environment, we found a helpful tool, preventing you from adding secrets to your Git repositories: git-secrets.
git-secrets allows you to create hooks for your local repositories. Should you ever try to commit security credentials the commit will fail.
Installation
The following steps will download and install the latest version of git-secrets.
git clone https://github.com/awslabs/git-secrets |
Configuration
git-secrets allows you to search for any secrets. You are able to add custom providers or use the pre-defined provider to scan for AWS security credentials.
git secrets --register-aws --global |
You are not done yet! Next you need to add hooks to all your local repositories.
cd /path/to/repository |
Add a configuration template if you want to add hooks to all repositories you initialize or clone in the future.
git secrets --install ~/.git-templates/git-secrets |
git-secrets is a simple tool preventing you from committing secrets and credentials into Git repositories. Can fully recommend using it!
Further reading
- Article Antivirus for S3 Buckets
- Article Manage AWS EC2 SSH access with IAM
- Article WordPress on AWS: you are holding it wrong
- Article Serverless image resizing at any scale
- Tag security
- Tag iam