With every hardcoded secret, the software supply chain attack surface grows larger, opening more avenues for the resourceful attacker. Remember Codecov? It all started with a hardcoded secret, ultimately leading to the downstream poisoning of 20,000+ CI pipelines and the exfiltration of more secrets than attackers could ever dream of.

It’s time for us, developers and security pros, to take a hard look at our hardcoded secrets – or else, we accept living with the risks and consequences of secrets sprawl.

Join me on Thursday, November 30, for a live discussion with Ryan Blunden, Developer Advocate at Doppler, the SecretOps platform. Together, we will walk you through a maturity model describing:

The challenges of securely managing and distributing secrets in DevOps environments

How your organization can build effective secrets management programs (tools, processes, and training)

The benefits of blending secrets management and secrets detection with Doppler and GitGuardian

Stay until the end for back-to-back lightning demos of Doppler and GitGuardian. Once you see it, you will never want to return to managing your secrets the old way!

P.S. Register now to enter the draw and win a $50 Amazon Gift Card!

One of the earliest mentions of hardcoded secrets on the web is almost two decades old! In June 2005, the security team at the CERN (European Organization for Nuclear Research) published a short guide on “How to keep secrets secret.” A year later, OWASP added the “use of hard-coded password” to its Top 10 Web Application Security Risks. Go on, impress your security friends!

Taming Secrets Sprawl with Doppler and GitGuardian