
You likely already know that, but to anyone else interested: a good way to prevent these kinds of situations is to run 'nosey parker' on your git repo before pushing it to a remote. It will dig through your code and configs, looking at files and through all the git history, and highlight anything that looks like tokens, passwords, keys, etc. You can set it as a pre-commit hook to block the offending code from even being committed.

https://github.com/praetorian-inc/noseyparker
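To show what such a pre-commit check actually does, here is an added toy example (my own, not the commenter's or noseyparker's code): a few regexes for known token formats, a generic "name = value" rule gated by an entropy score so placeholders are not flagged, and a `--hook` mode that scans only the staged lines. The sample lines, the `--hook` flag and all rule names are constructed for this example.

```python
import math, re, subprocess, sys
from collections import Counter
# Constructed rules for two well-known token formats plus a generic
# "name = value" rule; real scanners ship hundreds of such rules.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "generic_assignment": re.compile(
        r"(?i)\b(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]?([^'\"\s]{8,})"),
}

def shannon_entropy(s):
    """Bits per character; random-looking secrets score high, words and placeholders low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan_text(text, entropy_threshold=4.0):
    """Return (line_number, rule_name, value) for every suspected secret in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pat in PATTERNS.items():
            for m in pat.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                # The generic rule alone would flag "changeme" or ${DB_TOKEN}; require entropy.
                if name == "generic_assignment" and shannon_entropy(value) < entropy_threshold:
                    continue
                findings.append((lineno, name, value))
    return findings

def staged_added_lines():
    """Only the lines being added by the commit under review (git diff --cached)."""
    diff = subprocess.run(["git", "diff", "--cached", "-U0"],
                          capture_output=True, text=True, check=True).stdout
    return "\n".join(l[1:] for l in diff.splitlines()
                     if l.startswith("+") and not l.startswith("+++"))

# Constructed sample input; the AWS value is AWS's documented example key, not a live one.
SAMPLE = '''AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
password = "changeme"
api_key = "x9Q2v7Lp4Rt8Wm1Zk6Yh3Nb"
token=${DB_TOKEN}'''

if __name__ == "__main__":
    # Call with --hook from .git/hooks/pre-commit; a non-zero exit makes git refuse the commit.
    text = staged_added_lines() if "--hook" in sys.argv else SAMPLE
    hits = scan_text(text)
    for lineno, name, value in hits:
        print(f"line {lineno}: possible {name} ({value[:4]}...)", file=sys.stderr)
    sys.exit(1 if hits else 0)
```

Run without arguments it scans the embedded sample and reports the AWS key and the high-entropy api_key while leaving the placeholder and the env-var indirection alone.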



https://github.com/trufflesecurity/trufflehog is a similar tool but checks for far more secrets, so I think it'd be a better choice.


GitHub has a similar feature that’s free for public repositories IIRC.



