Avoid security credentials on GitHub

Andreas Wittig – 27 Apr 2016

Your AWS account is a valuable target for bad guys. With access to your security credentials an attacker is potential able to steal sensitive data, utilize resources on your costs, or sabotage your infrastructure.

Two years ago AWS and their customers observed that bad guys started to crawl public GitHub repositories for security credentials granting them access to AWS accounts. Turns out even the most cautious engineer commits secrets to public GitHub repositories from time to time. We are all humans!

When working with one of our consulting clients to increase the security of their environment, we found a helpful tool, preventing you from adding secrets to your Git repositories: git-secrets.

git-secrets allows you to create hooks for your local repositories. Should you ever try to commit security credentials the commit will fail.

Installation

The following steps will download and install the latest version of git-secrets.


Looking for a new challenge?

  • tecRacer

    Cloud Consultant

    tecRacer • Premier AWS Consulting Partner • Germany, Austria, Spain, and Switzerland
    AWS only Infrastructure as Code EC2 Containers Serverless
  • tecRacer

    Cloud Migration Specialist

    tecRacer • Premier AWS Consulting Partner • Germany, Austria, Spain, and Switzerland
    Lift&Shift Transformation EC2 RDS VPC

git clone https://github.com/awslabs/git-secrets
cd git-secrets
make install

Configuration

git-secrets allows you to search for any secrets. You are able to add custom providers or use the pre-defined provider to scan for AWS security credentials.

git secrets --register-aws --global

You are not done yet! Next you need to add hooks to all your local repositories.

cd /path/to/repository
git secrets --install

Add a configuration template if you want to add hooks to all repositories you initialize or clone in the future.

git secrets --install ~/.git-templates/git-secrets
git config --global init.templateDir ~/.git-templates/git-secrets

git-secrets is a simple tool preventing you from committing secrets and credentials into Git repositories. Can fully recommend using it!

Become a cloudonaut supporter

Andreas Wittig

Andreas Wittig ( Email, Twitter, or LinkedIn )

We launched the cloudonaut blog in 2015. Since then, we have published 345 articles, 45 podcast episodes, and 37 videos. It's all free and means a lot of work in our spare time. We enjoy sharing our AWS knowledge with you.

Please support us

Have you learned something new by reading, listening, or watching our content? With your help, we can spend enough time to keep publishing great content in the future. Learn more

$
Amount must be a multriply of 5. E.g, 5, 10, 15.

Thanks to Alan Leech, Alex DeBrie, ANTHONY RAITI, Jaap-Jan Frans, Jason Yorty, Jeff Finley, Jens Gehring, jhoadley, Johannes Grumböck, John Culkin, Jonas Mellquist, Juraj Martinka, Kamil Oboril, Ken Snyder, Ross Mohan, Ross Mohan, sam onaga, Shawn Tolidano, Thorsten Hoeger, Todd Valentine, and all anonymous supporters for your help! We also want to thank all supporters who purchased a cloudonaut t-shirt.