For developers, secret and credential leakage is a problem as old as public-facing repositories. Unfortunately, in 2021 it is officially a significant risk. One that is easy to ignore until it is too late. In a rush to deliver, developers will often hard-code credentials in code or neglect to review code for exposed secrets. The results can be embarrassing, at best – but devastatingly costly in other cases.

This whitepaper will review the dangers of secret leakage, the challenges in protecting secrets in the SDLC, and strategies for secret leakage mitigation.

Table of contents

• Understanding secret leakage
• The anatomy of a secret leak
• The results of secret leakage
• The challenge of protecting secrets in software development
• What to consider in a security solution
• Mitigating secret leakage with automated secret detection