A much, much better alternative is Mozilla SOPS. Just encrypt the YAML values but leave the keys readable (there's an option to encrypt also a whole text blob, but YAML is where it shines). Pluggable backend - you can use GPG, but also KMS or many others. Decrypt function native in Terragrunt, ArgoCD, Flux, Helm, and many others.
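To illustrate the "encrypt the values, leave the keys readable" behaviour the comment describes, here is an added example (not from the original thread): a `.sops.yaml` creation rule with an `encrypted_regex`, followed by what a matching file looks like after encryption. The fingerprint, KMS ARN and ciphertext fields are placeholders, and the `sops:` metadata section SOPS appends is omitted.

```yaml
# .sops.yaml at the repository root (assumed layout for this example)
creation_rules:
  # Applies to production config files only
  - path_regex: ^envs/prod/.*\.ya?ml$
    # Only values whose key name matches are encrypted; all other
    # keys and values stay readable in plaintext
    encrypted_regex: ^(password|token|secret|api_key)$
    # Pluggable backends: a GPG key and a KMS key can both unlock the file
    pgp: "PGP_FINGERPRINT_PLACEHOLDER"
    kms: "arn:aws:kms:REGION:ACCOUNT_ID_PLACEHOLDER:key/KEY_ID_PLACEHOLDER"
---
# envs/prod/app.yaml after `sops -e -i envs/prod/app.yaml`
# Structure and non-secret values remain diffable and reviewable in git;
# only the leaf values matched by encrypted_regex are ciphertext
db:
  host: db.internal.example
  port: 5432
  user: app
  password: ENC[AES256_GCM,data:PLACEHOLDER,iv:PLACEHOLDER,tag:PLACEHOLDER,type:str]
api:
  base_url: https://api.example.test
  token: ENC[AES256_GCM,data:PLACEHOLDER,iv:PLACEHOLDER,tag:PLACEHOLDER,type:str]
```

Anyone holding one of the listed keys can run `sops -d envs/prod/app.yaml` to recover the plaintext, while a code reviewer still sees which keys exist and which are secrets.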
We use a self-hosted GitLab instance where we turned on the option to at least detect .key files in commits. Another thing we do is scan all our repositories using Gitleaks. It's fairly simple and works pretty well. It generates a text file report that will show you where a secret has been committed and by whom.