APISecurityBestPractices
Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.
You have been sending me multiple emails looking like this: ``` GitGuardian has detected the following ____ exposed within your GitHub account. Details - Secret type: ____ - Repository: ____/____...
```
### Store your secrets encrypted in a git repository
**Advantages**
* Your secrets are synced.
```
No, no no no no no, No. No. Secrets have no place in...
Hey, hi, I was unable to delete a user account or suspend my account in https://app.gitguardian.com/. Kindly add that feature.
There was just a false positive on one of my repos, where a Google APIKey is in the javascript. I tried clicking the false positive button on the email, but...
Hello, and thank you for the GitGuardian service that you provide, it is really useful. I want to point out that you should not auto-detect a Firebase API key as...
Hi, thanks for the heads up, and this is a neat service. I got a report about a Discord API being exposed, and I assume it's this line in my...
```
secure: "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"
```
Travis CI secrets can't be decrypted, are not exposed to PRs from forks, and are removed from logs.
* https://docs.travis-ci.com/user/encryption-keys/
* https://docs.travis-ci.com/user/best-practices-security/
* https://docs.travis-ci.com/user/environment-variables/#defining-encrypted-variables-in-travisyml
Hi there, link in your email points to [this commit](http://email.mail.gitguardian.com/c/eJxlkMFOwzAMhp-mva1KHCdODz0MJk5I8AbISZw2oltRl4HE05NxQkLywf712ZK_NClEHfoygdKjskBqRAd20INHBSd4OALq4xOOjx2qM5d1mEudb7ynwpchbud-mRQxcTIkIxBFq1M0lDWzdsKZs-nXaan149qZYwdPrdqJ5Rbu2204lxoXWdf3fZu_uQWvS7ku5TIPJ64c-Cota2jjWiMxZqRMOuKY9Dj6iOLFW7EGSCiRtoHAug5MKjkf0DqMbCQpyAIck7XZkAnoIWux_OyNwZ5X2etbSZPE7LIDyMqAOOsiW3SGQgjR-2y9GSk0PTEFckpQQs4umORDwBiT8f0-_f2nOZt_pd1F1elj39Khbu9y-eI7tB8-oaPH__F5S9L4jW91gdacSlPG60sUvvwAspSINQ). The line number flagged comes up as `http://kadubeureum-serang.desa.id/wp-content/auto/autolink/autolinkauto/mailboxx/mailbox` which does not show any API key involved.
I assume a URL including `digitalocean` in combination with a public Ethereum address triggered the bot.