The current web page context is an article that discusses:
Credential exposure: A common and risky practice of embedding sensitive information such as passwords, keys, and tokens in source code. This can lead to unauthorized access, impersonation, or manipulation by attackers.
PyPI study: A recent report by GitGuardian that found almost 4,000 unique secrets in 450,000 projects submitted to PyPI, the official repository for Python code. Many of these secrets were still active and could be exploited.
Prevention methods: Some ways to avoid credential exposure in code, such as using .env files, secret managers, or scanners. The report also suggests that some developers are unaware that they have made their projects public.
Despite more than a decade of reminding, prodding, and downright nagging, a surprising number of developers still can’t bring themselves to keep their code free of credentials that provide the keys to their kingdoms to anyone who takes the time to look for them.
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
