Dev & Ops teams from large organizations use thousands of secrets like API keys and other credentials in order to interconnect these components together. As a result, they now have access to more sensitive information than companies can keep track of.
The risk is that these secrets are now spreading everywhere. We call “secrets sprawl” the unwanted distribution of secrets in all the systems developers use. Secrets sprawl is even more difficult to control with growing development teams, sometimes spread over multiple geographies. Not even taking into consideration that developers are under hard pressure due to a growing number of technologies to master and shortened release cycles.
In this whitepaper, GitGuardian looks at the implications of secrets sprawl, and presents solutions for Application Security to further secure the SDLC by implementing automated secrets detection in their DevOps pipeline.