Leaking Secrets

How it happens and how you prevent it

Martin Thoma
Published in Level Up Coding, Oct 13, 2020

Image by Tumisu from Pixabay

One of the worst mistakes in application security is publicly posting secrets. These can be API keys, database credentials, service tokens, or private keys for asymmetric cryptography, such as the RSA keys used for GPG.

It’s best to prevent leaking credentials completely, but if a leak does happen you need to change them immediately. You cannot hope that…