GitHub is pretty much the biggest game in town when it comes to sharing software development projects. But it can be challenging to ensure projects are saved without accidentally revealing credentials and other secrets. Microsoft has offered some advice and tools to help protect against accidentally revealing confidential data.
Some of the Azure secrets that need to be protected are passwords, private keys, database connection strings, and storage account keys.
One of the tools Microsoft uses is Credential Scanner, or CredScan, which monitors all incoming commits on GitHub and checks for specific Azure tenant secrets. When an exposed secret is detected, the Azure subscription owner is notified via email and receives guidance on how to fix the exposure.
There’s more information on how this works on the Azure blog.
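To illustrate the kind of commit check described above, here is an added example (not CredScan's code or rule set) that scans only the added lines of a unified diff for three of the secret types named earlier. The rule names, the placeholder-skipping lookahead and the sample diff are assumptions constructed for this sketch.

```python
import re

# Hypothetical rules. A storage account key is 64 bytes, i.e. 88 base64
# characters ending in "=="; the password rule skips template placeholders.
RULES = {
    "storage-account-key": re.compile(r"AccountKey=[A-Za-z0-9+/]{86}=="),
    "connection-string-password": re.compile(
        r"(?i)\b(?:Password|Pwd)=(?![<{$])[^;\"'\s]+"),
    "private-key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def scan_diff(diff_text):
    """Return (path, line_no, rule) for each secret found on an added line.

    The matched value is never returned, so the report cannot leak it.
    """
    findings, path, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):
            line_no = int(m.group(1))  # first line number in the new file
        elif line.startswith("+"):
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    findings.append((path, line_no, rule))
            line_no += 1
        elif line.startswith(" "):
            line_no += 1  # context line; removed lines do not advance
    return findings


FAKE_KEY = "A" * 86 + "=="  # constructed value with the shape of a key
SAMPLE_DIFF = f"""\
diff --git a/appsettings.json b/appsettings.json
--- a/appsettings.json
+++ b/appsettings.json
@@ -3,3 +3,5 @@
   "Logging": "Warning",
-  "Storage": "UseDevelopmentStorage=true",
+  "Storage": "DefaultEndpointsProtocol=https;AccountName=demo;AccountKey={FAKE_KEY};EndpointSuffix=core.windows.net",
+  "Sql": "Server=tcp:demo.database.windows.net;User ID=app;Password=<from-key-vault>;",
+  "SqlOld": "Server=tcp:demo.database.windows.net;User ID=app;Pwd=Sup3r-constructed!;",
   "AllowedHosts": "*"
"""

if __name__ == "__main__":
    for path, line_no, rule in scan_diff(SAMPLE_DIFF):
        print(f"{path}:{line_no}: {rule}")
```

Run as a pre-commit or CI step, a check like this catches the secret before it reaches a public repository; a secret that has already been pushed still needs to be rotated.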
Credential theft remains the main stock in trade for threat actors, so ensuring developers don’t accidentally expose confidential information is a crucial line in your cyber defence.