Detect secrets like API keys in using simple Python script

preview_player
Показать описание
Secrets like API keys, credentials and security certificates are the crown jewels of organizations but can easily sprawl through all your systems. It is important to be able to gain visibility into your systems and code to find these secrets. In this tutorial, we will run through a simple python script to scan for secrets in local files and directories. The same principles can be applied to detect secrets anywhere in your CI/CD pipeline.

Links:

Open-source dependencies:
  1. GitGuardian
  2. Python
  3. secrets scanning
  4. DevSecOps
  5. Devops
  6. CI/CD
Рекомендации по теме
Detect secrets like 0:23:11

Detect secrets like API keys in using simple Python script

How to create 0:13:22

How to create a pre-push git hook to detect hardcoded secrets like API keys & credentials

Scan directories for 0:09:01

Scan directories for secrets like API keys and credentials using GG-Shield

Detecting secrets in 0:29:27

Detecting secrets in code committed to Gitlab (in real time) - Chandrapal Badshah

Store & manage 0:12:46

Store & manage secrets like API keys in Python - Tech Tip Tuesdays

Scanning for hardcoded 0:05:39

Scanning for hardcoded secrets in source code | Security Simplified

How to Detect 0:13:37

How to Detect Secret Keys in Git? | Episode 1

Keep Your Secret 0:00:23

Keep Your Secret Keys Safe! #coding #programming #computerscience

How to create 0:01:37

How to create Open-AI (ChatGPT) API Key and Secrets? (Langchain Series Ep.4)

[Webinar] Detect hardcoded 1:07:47

[Webinar] Detect hardcoded secrets with ggshield, the GitGuardian CLI

Detecting secrets in 0:25:02

Detecting secrets in code committed to Gitlab

Scanning Code for 0:03:10

Scanning Code for Credentials using detect-secrets

Handle secrets like 0:08:31

Handle secrets like API keys securely in javascript projects with environment variables

How to save 0:00:56

How to save project secrets like API key 🕵️‍♂️ with DOTENV

Secrets and Environment 0:08:12

Secrets and Environment Variables in your GitHub Action

SECRET Way to 0:03:47

SECRET Way to Use Top AI APIs for FREE (DeepSeek-R1 now included!)

GitHub: DevSecOps: Part 0:14:11

GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning

Detect Secrets Demo 0:09:16

Detect Secrets Demo

GitLab: DevSecOps: Part 0:14:37

GitLab: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Detection

GITHUB RECON TOOL 0:02:13

GITHUB RECON TOOL | TRUFFLEHOG | FINDING SECRETS AND API KEYS

Detect Secrets In 0:01:34

Detect Secrets In Docker Images With ggshield - The GitGuardian CLI

Mastering Inspect Element: 0:00:20

Mastering Inspect Element: Tips and Tricks for Web Development and Debugging

Are your secrets 0:53:00

Are your secrets secure? How mobile applications are leaking millions of credentials - Mackenzie J.

Detect secrets with 0:13:27

Detect secrets with a pre-commit git hook using ggshield and the pre-commit framework

Комментарии
Автор

TruffleHog is a superior solution to this - it can run in docker or in local k8s github runner with a simple actions step. No sending company code off to some random company.

MichaelBushey
Автор

Environment variables are not a recommended idea to store secrets, there are many cases of compromises caused by server errors spitting all env variables in the stack trace and leaking secret keys and creds.
Thanks for the video, but I am puzzled why is there a full *PAID* product around what 52 lines of code (see truffleHog) can do.

chevalieras
Автор

So basically I am sending loads of information to a third party API?

ArthurPieri
welcome to shbcf.ru