🆕 Video Course Out Now: Rapid Docker on AWS

Avoid security credentials on GitHub

Andreas Wittig – 27 Apr 2016

Your AWS account is a valuable target for bad guys. With access to your security credentials an attacker is potential able to steal sensitive data, utilize resources on your costs, or sabotage your infrastructure.

Two years ago AWS and their customers observed that bad guys started to crawl public GitHub repositories for security credentials granting them access to AWS accounts. Turns out even the most cautious engineer commits secrets to public GitHub repositories from time to time. We are all humans!

When working with one of our consulting clients to increase the security of their environment, we found a helpful tool, preventing you from adding secrets to your Git repositories: git-secrets.

git-secrets allows you to create hooks for your local repositories. Should you ever try to commit security credentials the commit will fail.


The following steps will download and install the latest version of git-secrets.

Cover of Amazon Web Services in Action

Level up, strengthen your AWS skills.

Our book Amazon Web Services in Action is a comprehensive introduction to computing, storing, and networking in the AWS cloud. You'll find clear, relevant coverage of all the essential AWS services, emphasizing best practices for security, high availability, and scalability. Get the first chapter for free!

git clone https://github.com/awslabs/git-secrets
cd git-secrets
make install


git-secrets allows you to search for any secrets. You are able to add custom providers or use the pre-defined provider to scan for AWS security credentials.

git secrets --register-aws --global

You are not done yet! Next you need to add hooks to all your local repositories.

cd /path/to/repository
git secrets --install

Add a configuration template if you want to add hooks to all repositories you initialize or clone in the future.

git secrets --install ~/.git-templates/git-secrets
git config --global init.templateDir ~/.git-templates/git-secrets

git-secrets is a simple tool preventing you from committing secrets and credentials into Git repositories. Can fully recommend using it!

Tags: aws security iam
Andreas Wittig

Andreas Wittig

I’m an independent consultant, technical writer, and programming founder. All these activities have to do with AWS. I’m writing this blog and all other projects together with my brother Michael.

In 2009, we joined the same company as software developers. Three years later, we were looking for a way to deploy our software—an online banking platform—in an agile way. We got excited about the possibilities in the cloud and the DevOps movement. It’s no wonder we ended up migrating the whole infrastructure of Tullius Walden Bank to AWS. This was a first in the finance industry, at least in Germany! Since 2015, we have accelerated the cloud journeys of startups, mid-sized companies, and enterprises. We have penned books like Amazon Web Services in Action and Rapid Docker on AWS, we regularly update our blog, and we are contributing to the Open Source community. Besides running a 2-headed consultancy, we are entrepreneurs building Software-as-a-Service products.

We are available for projects.

You can contact me via Email, Twitter, and LinkedIn.

Briefcase icon
Hire me