With the maturity of tools such as Vault, there is no longer an excuse for storing secrets in code repositories, particularly since this often ends up being the soft underbelly of important systems. We've previously mentioned repository-scanning tools such as Gitrob, but we are now pushing proactive tools such as (the ThoughtWorks-created) Talisman, which is a prepush hook for Git that scans commits for secrets matching predefined patterns.
With the maturity of tools such as Vault, there is no longer an excuse for storing secrets in code repositories, particularly since this often ends up being the soft underbelly of important systems. We’ve previously mentioned repository-scanning tools such as Gitrob, but we are now pushing proactive tools such as (the ThoughtWorks-created) Talisman, which is a prepush hook for Git that scans commits for secrets matching predefined patterns.
