bob1029

I am curious if someone can elaborate on the scenario in which one is accidentally committing secrets to source control.

For us, anything that would be a "secret" is stored in a SQLite database that sits next to the executable. In many cases, these secrets would additionally be encrypted with platform-specific techniques such as DPAPI. None of these databases are under source control and would be ignored upon commit.

If we want to load a secret into our application, we have to use an administrative web interface exposed by the application in each required environment. We view the management of secrets and other parameters as an important feature for our product and have built tooling up accordingly. Non-developers are able to manage secrets in our software, and we are actually trying to make this mandatory for compliance reasons.

barrucadu
Yeah, I'm not sure why this is such a problem. At work we tried out using detect-secrets[1] for a while to make sure we didn't accidentally commit anything important.

It was a huge pain, it picked up nothing but false positives.

After a few months we decided that our pre-existing practices: have secrets passed to the app in environment variables which are set during deployment, and use fake secrets for test and dev, solved the problem in a much less painful way.

Is it so hard to keep real secrets separate from the source code?

[1] https://github.com/Yelp/detect-secrets