APISecurityBestPractices

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

Results 11 APISecurityBestPractices issues

You have been sending me multiple emails looking like this:
```
GitGuardian has detected the following ____ exposed within your GitHub account.
Details
- Secret type: ____
- Repository: ____/____...
```

```
### Store your secrets encrypted in a git repository
**Advantages**
* Your secrets are synced.
```
No, no no no no no, No. No. Secrets have no place in...

Hey, hi, I was unable to delete a user account or suspend my account in https://app.gitguardian.com/. Kindly add that feature.

There was just a false positive on one of my repos, where a Google APIKey is in the javascript. I tried clicking the false positive button on the email, but...

Hello, and thank you for the GitGuardian service that you provide, it is really useful. I want to point out that you should not auto-detect a Firebase API key as...

Hi, thanks for the heads up, and this is a neat service. I got a report about a discord API being exposed, and I assume it's this line in my...

```
secure: "ZsqWjlnthwiHrMCytHeYLzC6pasDzBYZAL4vPdx7+viGiahIoYDeN+FkoXASYP4Z9RachE3GKquXeTPKCjAJ0elvYKHe1PC6+BsZrQWVOIMMqa1vMOuPVAMk7ohDsE4JqzjxdWYAErxE/GgcE7+7F/s79d+x+zpg0c0DVkNiprFWYnz2liKX0Ya926anDUAfT1fsHfSjDETufrNs06jfNMroFbEN22ebxiKL8Xbip6f3fY2SEasmiQ5MhmjMreDTY1zemnTvsaMNzjzSou3z+zqV6Z/Xt/FrS4t42vmo37w9wLYUlREPR0FJ6Z+c5PI4l/+RdBKQfvlilZDIq60ZeF3uHE2tVlSMXaOtNS7EVO9vJjxWb2qSLWeh8kmGsT87sBocUVILFG3ibmnbPiGtW4rDxqgtYPnAaxDU8yQL72K1EDkuJytQIXXDefHZ/FA5/+UTzv3cCIF2OviIVx2oEHrnkbq+YPvyjLGzp+eg8/In8m5Mc63UoepknLvlz5JrUKYePj2IUuyI2Dvl7+O4qm5o+SvNutoeYJYsWrKkPiaDXfAJ+J4QMerO2qbF2AWCQHHfeTRK8Sn6geK0ZK8SXEVeIty5IA95Bt/pBZJ4ZCn8ehK3nvepLOwhy/gGyejrjMlG9rcAvAyvnSN8aT1cHJJaKkAlF22chLVQ1pIcukE="
```
Travis CI secrets can't be decrypted, are not exposed to PRs from forks, and are removed from logs.
* https://docs.travis-ci.com/user/encryption-keys/
* https://docs.travis-ci.com/user/best-practices-security/
* https://docs.travis-ci.com/user/environment-variables/#defining-encrypted-variables-in-travisyml

Hi there, link in your email points to [this commit](http://email.mail.gitguardian.com/c/eJxlkMFOwzAMhp-mva1KHCdODz0MJk5I8AbISZw2oltRl4HE05NxQkLywf712ZK_NClEHfoygdKjskBqRAd20INHBSd4OALq4xOOjx2qM5d1mEudb7ynwpchbud-mRQxcTIkIxBFq1M0lDWzdsKZs-nXaan149qZYwdPrdqJ5Rbu2204lxoXWdf3fZu_uQWvS7ku5TIPJ64c-Cota2jjWiMxZqRMOuKY9Dj6iOLFW7EGSCiRtoHAug5MKjkf0DqMbCQpyAIck7XZkAnoIWux_OyNwZ5X2etbSZPE7LIDyMqAOOsiW3SGQgjR-2y9GSk0PTEFckpQQs4umORDwBiT8f0-_f2nOZt_pd1F1elj39Khbu9y-eI7tB8-oaPH__F5S9L4jW91gdacSlPG60sUvvwAspSINQ ) The line number flagged comes up as `http://kadubeureum-serang.desa.id/wp-content/auto/autolink/autolinkauto/mailboxx/mailbox` which does not show any API key involved.

I assume a URL including `digitalocean` in combination with a public Ethereum address triggered the bot.