There are now public source-code repository monitoring tools on the net. These “lie in wait” for keywords such as “password”, “secret”, “key” and the like, in search of careless users who are uploading sensitive data or credentials to their repositories. A good example is the following:
There are also some with an online real-time web monitoring version, as is the case of the following tool. If you click on this link and leave the page open for a few minutes, you begin to see the number of commits with sensitive data that people make inadvertently in their GitHub repositories. In my opinion this tool is simply BRILLIANT:
Once more we are forcibly reminded of the sheer importance of good programming practices. Credentials such as API keys should NEVER be uploaded to a code repository, much less a public one. Unlikely as it may seem, there is in fact always someone watching.
We at GMV take security very seriously, so our development teams follow a methodology designed to ensure that such inadvertent uploads never occur. The most important measures to avoid mistakes of this type are outlined below:
- As a general rule, sensitive data should never be kept in a repository. If it nevertheless proves necessary for any reason, check the repository's visibility before making any commit containing data of this type: such a repository should always be private.
- We all know that, in general, no credentials of any kind should be left in application code, but if there is no other option, they should never appear in plain text in the source code and should always be stored in encrypted form.
- If you are unsure about a commit because it might have a knock-on security effect on sensitive data, refrain from making it until you have run it past a line manager, project manager or anyone else who can give you guidance.
- Bear in mind that once data has been pushed in Git it is recorded for good in the repository, even if a Git reset is made afterwards. Anyone with Git expertise can access and inspect that data at will. After an incident of this type the only options are therefore to delete the repository or to change the exposed passwords quickly and, obviously, never upload them again.
- Bear in mind that uploaded passwords or sensitive data can then be accessed by third-party systems, which may inadvertently constitute a GDPR breach.
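One way to back the measures above with a mechanical check, as an added example that is not GMV's own tooling: a small Python pre-commit hook that scans only the lines a commit would add for the keyword patterns the post mentions and refuses the commit when one appears. The regexes, the placeholder exclusions and the sample diff are this example's own assumptions.

```python
import re, subprocess, sys

# Heuristics for the keywords the post names ("password", "secret", "key") plus the
# AWS access-key-id format; these are this example's assumptions, not a complete list.
SECRET_PATTERNS = {
    "keyword assignment": re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"]?[^\s'\"]{6,}"),
    "AWS access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
# Reading the value from the environment or leaving ${PLACEHOLDER} is the right pattern.
PLACEHOLDER = re.compile(r"os\.environ|getenv\(|\$\{?[A-Z_]+\}?")

def scan_text(text, path="<stdin>"):
    """Return (path, line_no, label) for every line that looks like a secret."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if PLACEHOLDER.search(line):
            continue
        findings += [(path, n, lbl) for lbl, pat in SECRET_PATTERNS.items() if pat.search(line)]
    return findings

def scan_staged_diff(diff_text):
    """Scan only the lines a commit would add (`git diff --cached -U0` output)."""
    findings, path, line_no = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif raw.startswith("@@"):
            line_no = int(re.search(r"\+(\d+)", raw).group(1))  # first added line number
        elif raw.startswith("+"):
            findings += [(path, line_no, lbl) for _, _, lbl in scan_text(raw[1:])]
            line_no += 1
    return findings

# Constructed sample diff: one hard-coded key among two correctly handled values.
SAMPLE_DIFF = """\
+++ b/config.py
@@ -0,0 +1,3 @@
+DB_PASSWORD = os.environ["DB_PASSWORD"]
+SECRET_KEY = "${APP_SECRET}"
+API_KEY = "AKIAIOSFODNN7EXAMPLE"
"""

if __name__ == "__main__":  # install as .git/hooks/pre-commit; --demo scans SAMPLE_DIFF instead
    diff = SAMPLE_DIFF if "--demo" in sys.argv else subprocess.run(
        ["git", "diff", "--cached", "-U0"], capture_output=True, text=True, check=True).stdout
    hits = scan_staged_diff(diff)
    for p, n, lbl in hits:
        print(f"{p}:{n}: possible {lbl}; remove it from the commit")
    sys.exit(1 if hits else 0)
```

A non-zero exit from a pre-commit hook aborts the commit, so the credential never reaches history, which is the point of the measure about pushed data being permanent.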
Handling sensitive data in application code is no easy task. We insist that every developer should think twice before making a commit containing any type of credential or sensitive data. Always remember that, depending on the type of repository or environment concerned, this is usually not a recommended practice.
This article is not meant to instill fear, simply to invite pause for thought and encourage secure development by following good programming practices.
Author: Oscar Alfonso Díaz
The author’s views are entirely his own and may not reflect the views of GMV