{"id":100540,"date":"2025-03-05T10:53:59","date_gmt":"2025-03-05T08:53:59","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=100540"},"modified":"2025-06-09T12:20:17","modified_gmt":"2025-06-09T10:20:17","slug":"the-dangers-of-exposed-secrets-and-how-to-prevent-them","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/","title":{"rendered":"The Dangers of Exposed Secrets \u2013 and How to Prevent Them\u00a0"},"content":{"rendered":"<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">\n<strong>The Dangers of Exposed Secrets in Enterprise Source Code<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Modern enterprise software relies on authentication tokens, API keys, encryption keys, certificates, and other sensitive credentials to enable secure communication between applications, microservices, APIs, and DevOps pipelines. However, these secrets often end up hardcoded in source code during the development process, whether unintentionally or as a shortcut for quick development (because hardcoding access credentials is simply the fastest and easiest way to write and test code).&nbsp;<\/p>\n\n\n\n<p>When exposed in public or internal repositories, these credentials become prime targets for attackers, who can exploit them to gain unauthorized access to critical systems, sensitive data, or cloud infrastructure. 
Even private repositories aren\u2019t immune \u2013 compromised developer accounts, insider threats, or misconfigured access controls can all lead to unintended exposure.&nbsp;&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<p>This fascinating <a href=\"https:\/\/www.wired.com\/story\/secret-hunting-bill-demirkapi\/\" target=\"_blank\" rel=\"noreferrer noopener\">Wired article<\/a> describes the staggering number of credentials leaked daily in GitHub and other accessible locations: A single security researcher uncovered 15,000 publicly exposed secrets and confirmed they were exploitable. These credentials granted access to, among others, the private assets of a state supreme court, a major university\u2019s Slack channels, and thousands of OpenAI customer accounts.&nbsp;<\/p>\n\n\n\n<p>The consequences of exposed secrets can be severe: data breaches, service outages, financial loss, regulatory fines, and reputational damage. 
Once attackers gain access, they can move laterally within systems to exfiltrate data, deploy malware, or launch further attacks.&nbsp;&nbsp;<br><\/p>\n\n\n\n<p><\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<p class=\"has-text-align-left\" style=\"font-size:23px\"><strong><em><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">83% of organizations report at least one security incident caused by hardcoded secrets in the past year (source: Thales Group), and breaches involving exposed secrets cost an average of $4.5 million per incident, factoring in downtime, fines, and remediation costs (source: IBM).<\/mark><\/em><\/strong><br><\/p>\n<\/div>\n<\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">\n<strong>Examples of Known Cyberattacks Enabled by Exposed Secrets<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Exposed secrets have been at the center of numerous high-profile cyberattacks, underscoring the critical need to secure the software supply chain against this threat. 
Here are some notable examples:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Uber (2016) \u2013 Hackers found AWS credentials in a private GitHub repository used by Uber engineers and used them to steal the personal data of 57 million users.&nbsp;<\/li>\n<li>Slack (2017) \u2013 Tokens leaked on GitHub exposed the sensitive private messages of hundreds of companies.&nbsp;<\/li>\n<li>Capital One (2019) \u2013 An attacker exploited a misconfigured web application firewall to obtain temporary cloud credentials and used them to extract the personal data of over 100 million customers.&nbsp;<\/li>\n<li>Microsoft (2020) \u2013 Attackers used exposed account credentials to access private Microsoft repositories.&nbsp;<\/li>\n<li>GitHub (2022) \u2013 OAuth tokens stolen from the Heroku and Travis CI integrations allowed attackers to download private repositories and exfiltrate data from dozens of organizations.&nbsp;<\/li>\n<li>Mercedes-Benz (2023) \u2013 An employee inadvertently uploaded a GitHub access token to a public repository, exposing source code, API keys, cloud access credentials, and design documents.&nbsp;<\/li>\n<li>Football Australia (2024) \u2013 Leaked credentials enabled unauthorized access to 127 storage repositories holding customer purchase details, player contracts, and passport data.&nbsp;<\/li>\n<li>Schneider Electric (2024) \u2013 Hackers used exposed credentials to steal 40GB of sensitive data, including the names and email addresses of 75,000 employees and customers.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\">\n<strong>How to Prevent the Leakage of Exposed Secrets<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Traditional security tools aren\u2019t designed to detect credentials hardcoded in source code, let alone prevent them from being committed. 
To mitigate this risk, enterprises must enforce secure coding practices, adopt automated secrets detection, and integrate preventive controls into their software development lifecycle. Without these measures, a single leaked credential could lead to a catastrophic security incident.&nbsp;<\/p>\n\n\n\n<p>To minimize the risks of exposed secrets, enterprises should implement a four-pronged approach:&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>1. Developer Training<\/strong>&nbsp;<\/h3>\n\n\n\n<p>The first line of defense is developer awareness. Companies should invest in security training that educates developers about how dangerous hardcoded secrets are\u2014even within internal repositories\u2014emphasizing that sensitive credentials should never appear in source code, configuration files, or documentation. The training should convey clear guidance regarding company policies and best practices.&nbsp;<\/p>\n\n\n\n<p>However, time pressure and development shortcuts often lead to mistakes. Even with first-rate training, secrets will occasionally end up in code. That\u2019s why additional safeguards are essential.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>2. Secrets Management Tools<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Organizations should adopt secrets management solutions to securely store and handle credentials. Each enterprise needs to evaluate the various types of solutions available and adopt the most relevant ones for their environment. Common examples include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Cloud-based secrets management services<\/strong> integrate seamlessly with development environments and offer automated secrets rotation. 
Examples: AWS Secrets Manager, Azure Key Vault, Google Secret Manager.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Self-hosted secrets vaults<\/strong> are on-premises or private cloud deployments that provide enterprises with advanced access controls and audit logging. Examples: HashiCorp Vault, CyberArk Conjur, Doppler.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>CI\/CD and DevOps-integrated secrets managers<\/strong>&nbsp;integrate with CI\/CD pipelines to inject secrets into builds and running applications at execution time, keeping them out of repositories. Examples: GitHub Actions Secrets, GitLab CI\/CD Secrets, Kubernetes Secrets (note that Kubernetes Secrets are only base64-encoded by default and should be paired with encryption at rest and strict RBAC).&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>API gateway &amp; identity-based secrets management<\/strong> solutions remove long-lived credentials from applications altogether, either by issuing short-lived credentials to a workload based on its identity or by brokering access to a system so that the application never holds the credential itself. Examples: AWS IAM Roles, Google Workload Identity, HashiCorp Boundary.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>3. Continuous Secrets Scanning<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Even with secrets management tools, enterprises must continuously scan their repositories, including the full commit history, to detect and remediate exposed secrets, because a credential committed before the vault was adopted, or pasted in under deadline pressure, stays in the history until it is found and rotated. 
An effective scanning tool should:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Accurately identify<\/strong> hundreds of different types of secrets (e.g., authentication tokens, certificates, encryption keys, API keys), while minimizing false positives (to reduce noise and prevent alert fatigue).&nbsp;<\/li>\n<li>\n<strong>Automatically verify<\/strong> whether discovered secrets are still valid (and thus exploitable), using a harmless read-only call to the issuing service, so that live credentials are rotated first.&nbsp;<\/li>\n<li>Allow <strong>developers to initiate their own scans<\/strong> from within the IDE before pushing code, to ensure that hardcoded secrets don\u2019t reach the repository.&nbsp;<\/li>\n<li>Provide developers with <strong>remediation guidance<\/strong> within the IDE, pinpointing exactly where secrets were found.&nbsp;<\/li>\n<li>Enable managers to <strong>trigger automatic scans<\/strong> at critical stages in the development, build, and deploy lifecycle.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>4. Preventing Secrets from Reaching Repositories<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Once secrets are pushed to a shared repository, the risk skyrockets: even if the offending commit is later reverted, the secret remains in the repository history and must be treated as compromised and rotated. 
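<\/p>\n\n\n\n<p>What the scanner requirements above and the pre-commit hook this section goes on to describe look like in working code, as an added example that is not code from the original post and not Checkmarx Secrets Detection: a small Python scanner that matches a few well-known token formats, applies a Shannon-entropy check to generic secret-looking assignments, skips documented placeholders (such as the AWS sample access key) so they don\u2019t become false positives, and, when run as a Git pre-commit hook, scans only the lines a commit adds and exits non-zero to block the commit. The token prefixes, the entropy threshold, the placeholder markers, and the sample diff are assumptions chosen for illustration, and findings are redacted so the hook doesn\u2019t re-leak what it detects.<\/p>

```python
import math
import re
import subprocess
import sys

# Added example, not Checkmarx code: a minimal secrets scanner usable as a Git
# pre-commit hook. Token formats are assumptions modelled on the published prefixes
# of a few common credential types; a real scanner carries hundreds of signatures.
SIGNATURES = {
    'aws_access_key_id': re.compile(r'(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])'),
    'github_token': re.compile(r'(?<![A-Za-z0-9_])gh[pousr]_[A-Za-z0-9]{36}(?![A-Za-z0-9])'),
    'private_key': re.compile(r'-----BEGIN (RSA |EC |OPENSSH |)PRIVATE KEY-----'),
}
# Catch-all for assignments to secret-looking names; the value must also look random
# (entropy check below) so ordinary words and environment lookups do not fire.
GENERIC = re.compile(r'(?i)(secret|password|passwd|token|api[_-]?key)[a-z0-9_]*[ ]*[:=][ ]*[^A-Za-z0-9]?([A-Za-z0-9+/=_-]{16,})')
ENTROPY_THRESHOLD = 3.5  # bits per character, an assumed cut-off; random tokens sit well above it
PLACEHOLDER_MARKERS = ('EXAMPLE', 'CHANGEME', 'REPLACE', 'XXXX', 'DUMMY', 'YOUR_')  # documented samples, not leaks
# Constructed sample diff for a stand-alone run (python hook.py --demo); not from a real repository.
SAMPLE_DIFF = '''diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -10,2 +10,5 @@
 DEBUG = False
-API_TOKEN = None
+API_TOKEN = os.environ.get(TOKEN_VAR)
+GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij
+aws_access_key_id = AKIAIOSFODNN7EXAMPLE
+password = passwordpassword123
'''

def shannon_entropy(value):
    '''Shannon entropy of a string in bits per character.'''
    if not value:
        return 0.0
    counts = {ch: value.count(ch) for ch in set(value)}
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def is_placeholder(value):
    '''True for values that are clearly sample or template credentials.'''
    return any(marker in value.upper() for marker in PLACEHOLDER_MARKERS)

def redact(value):
    # Keep enough of a hit to locate it without echoing the secret into hook output.
    return value[:4] + '...' + value[-2:] if len(value) > 8 else '***'

def scan_line(line):
    '''Return (kind, redacted_value) findings for one line; each value is reported once.'''
    findings, seen = [], set()
    for kind, pattern in SIGNATURES.items():
        for match in pattern.finditer(line):
            hit = match.group(0)
            if not is_placeholder(hit) and hit not in seen:
                seen.add(hit)
                findings.append((kind, redact(hit)))
    for match in GENERIC.finditer(line):
        value = match.group(2)
        if value not in seen and not is_placeholder(value) and shannon_entropy(value) >= ENTROPY_THRESHOLD:
            seen.add(value)
            findings.append(('high_entropy_assignment', redact(value)))
    return findings

def scan_text(text, path='<text>'):
    '''Scan complete file contents; returns (path, line_no, kind, redacted) tuples.'''
    return [(path, no, kind, shown) for no, line in enumerate(text.splitlines(), start=1)
            for kind, shown in scan_line(line)]

HUNK_HEADER = re.compile(r'^@@ -[0-9]+(?:,[0-9]+)? [+]([0-9]+)')

def scan_diff(diff_text):
    '''Scan only the lines a diff adds, tracking new-side line numbers from hunk headers.'''
    results, path, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith('+++ '):
            path = line[6:] if line.startswith('+++ b/') else line[4:]
            continue
        header = HUNK_HEADER.match(line)
        if header:
            line_no = int(header.group(1))
            continue
        if line.startswith('-'):
            continue  # removed lines do not exist on the new side
        if line.startswith('+'):
            results.extend((path, line_no, kind, shown) for kind, shown in scan_line(line[1:]))
        line_no += 1  # added and context lines both advance the new-side counter
    return results

def main():
    '''Pre-commit entry point: scan staged changes and exit non-zero to block the commit.'''
    if '--demo' in sys.argv:
        diff = SAMPLE_DIFF
    else:
        diff = subprocess.run(['git', 'diff', '--cached', '-U0', '--no-color'],
                              capture_output=True, text=True, check=True).stdout
    findings = scan_diff(diff)
    for path, line_no, kind, shown in findings:
        print(f'{path}:{line_no}: possible {kind} ({shown})')
    if findings: print('Commit blocked: remove the secret and load it from a secrets manager instead.'); sys.exit(1)

if __name__ == '__main__':
    main()
```

<p>Run it with the --demo flag to see the constructed sample diff produce one finding (the GitHub token) and none for the placeholder key, the environment lookup, or the low-entropy password. Installed as .git\/hooks\/pre-commit (executable), it blocks the commit before the secret reaches the repository; because a developer can skip client-side hooks with --no-verify, the same scan should also run as a required CI check.<\/p>\n\n\n\n<p>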
Enterprises must prevent exposure by implementing pre-commit and pre-push hooks that:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Scan the staged changes for secrets before each commit is made.&nbsp;<\/li>\n<li>Block commits and repository pushes if secrets are detected.&nbsp;<\/li>\n<li>Integrate with CI\/CD pipeline security checks to enforce the same policy server-side, since a developer can skip client-side Git hooks (for example with the --no-verify flag).&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>By combining developer training, robust secrets management, continuous scanning, and proactive blocking, enterprises can dramatically reduce the risk of exposed secrets and protect their software supply chain.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\">\n<strong>Keep Your Secrets Secret with Checkmarx Secrets Detection<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Checkmarx Secrets Detection proactively prevents the exposure of sensitive credentials by blocking any Git commit containing hardcoded secrets, ensuring that they never reach shared repositories. Automatic secrets identification and validation help developers quickly locate and remove exploitable secrets from their code, preventing leakage.&nbsp;<\/p>\n\n\n\n<p>A part of the Checkmarx One enterprise application security platform, Secrets Detection accurately identifies 170+ types of secrets. 
Scans can be initiated on demand or triggered via source control integrations (e.g., upon pull requests or builds), ensuring continuous protection throughout the development lifecycle, helping you:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Keep your secrets secret<\/strong> \u2013 Prevent the unintended exposure of sensitive credentials, tokens, keys, certificates, or URLs that can endanger your organization.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Secure your software supply chain<\/strong> \u2013 Make secrets leakage prevention a core component of your comprehensive software supply chain security (SSCS) strategy.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Improve regulatory compliance<\/strong> \u2013 Avoid fines and reputational damage by fully meeting regulations that require organizations to safeguard sensitive data (e.g., GDPR, HIPAA, PCI DSS, SOX, FISMA, CCPA).&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>To learn more about Checkmarx <a href=\"https:\/\/checkmarx.com\/product\/secrets-detection\/\" target=\"_blank\" rel=\"noreferrer noopener\">Secrets Detection<\/a>, read the <a href=\"https:\/\/checkmarx.com\/resources\/secrets-detection-solution-brief\/\" target=\"_blank\" rel=\"noreferrer noopener\">solution brief<\/a>.\u00a0<\/p>","protected":false},"excerpt":{"rendered":"<p>Modern enterprise software relies on authentication tokens, API keys, encryption keys, certificates, and other sensitive credentials to enable secure communication between applications, microservices, APIs, and DevOps pipelines. 
However, these secrets often end up hardcoded in source code during the development process, whether unintentionally or as a shortcut for quick development (because hardcoding access credentials is simply the fastest and easiest way to write and test code).\u00a0<\/p>\n","protected":false},"author":118,"featured_media":100542,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[85,84,1296,1280,844],"tags":[351,418],"class_list":["post-100540","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-application-security-trends","category-blog","category-secrets-detection","category-secure-coding-best-practices-for-developers","category-supply-chain-security","tag-appsec-awareness","tag-secrets"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The Dangers of Exposed Secrets \u2013 and How to Prevent Them\u00a0<\/title>\n<meta name=\"description\" content=\"Exposed secrets in code lead to data breaches when credentials get leaked. Here are practices for preventing breaches through secrets management\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Dangers of Exposed Secrets \u2013 and How to Prevent Them\u00a0\" \/>\n<meta property=\"og:description\" content=\"Exposed secrets in code lead to data breaches when credentials get leaked. 
Here are practices for preventing breaches through secrets management\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-05T08:53:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-09T10:20:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/Exposed-secrets-blog_3x-scaled-e1745549278333.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Joel Rose\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joel Rose\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/\"},\"author\":{\"name\":\"Joel Rose\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/8cc863d656a4de523dab9b35c0756078\"},\"headline\":\"The Dangers of Exposed Secrets \u2013 and How to Prevent Them\u00a0\",\"datePublished\":\"2025-03-05T08:53:59+00:00\",\"dateModified\":\"2025-06-09T10:20:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/\"},\"wordCount\":1175,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/Exposed-secrets-blog_3x-scaled-e1745549278333.webp\",\"keywords\":[\"AppSec Awareness\",\"secrets\"],\"articleSection\":[\"Application Security Trends &amp; Insights\",\"Blog\",\"Secrets Detection\",\"Secure Coding Best Practices for Developers\",\"Supply Chain Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/\",\"name\":\"The Dangers of Exposed Secrets \u2013 and How to Prevent 
Them\u00a0\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/Exposed-secrets-blog_3x-scaled-e1745549278333.webp\",\"datePublished\":\"2025-03-05T08:53:59+00:00\",\"dateModified\":\"2025-06-09T10:20:17+00:00\",\"description\":\"Exposed secrets in code lead to data breaches when credentials get leaked. Here are practices for preventing breaches through secrets management\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/Exposed-secrets-blog_3x-scaled-e1745549278333.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/Exposed-secrets-blog_3x-scaled-e1745549278333.webp\",\"width\":1200,\"height\":600,\"caption\":\"secrets detection\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. 
We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/8cc863d656a4de523dab9b35c0756078\",\"name\":\"Joel Rose\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/MicrosoftTeams-image-13-150x150.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/MicrosoftTeams-image-13-150x150.jpg\",\"caption\":\"Joel Rose\"},\"url\":\"https:\/\/checkmarx.com\/author\/joelr\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Dangers of Exposed Secrets \u2013 and How to Prevent Them\u00a0","description":"Exposed secrets in code lead to data breaches when credentials get leaked. 
Here are practices for preventing breaches through secrets management","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/","og_locale":"en_US","og_type":"article","og_title":"The Dangers of Exposed Secrets \u2013 and How to Prevent Them\u00a0","og_description":"Exposed secrets in code lead to data breaches when credentials get leaked. Here are practices for preventing breaches through secrets management","og_url":"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2025-03-05T08:53:59+00:00","article_modified_time":"2025-06-09T10:20:17+00:00","og_image":[{"width":1200,"height":600,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/Exposed-secrets-blog_3x-scaled-e1745549278333.webp","type":"image\/webp"}],"author":"Joel Rose","twitter_card":"summary_large_image","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Joel Rose","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/"},"author":{"name":"Joel Rose","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/8cc863d656a4de523dab9b35c0756078"},"headline":"The Dangers of Exposed Secrets \u2013 and How to Prevent Them\u00a0","datePublished":"2025-03-05T08:53:59+00:00","dateModified":"2025-06-09T10:20:17+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/"},"wordCount":1175,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/Exposed-secrets-blog_3x-scaled-e1745549278333.webp","keywords":["AppSec Awareness","secrets"],"articleSection":["Application Security Trends &amp; Insights","Blog","Secrets Detection","Secure Coding Best Practices for Developers","Supply Chain Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/","url":"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/","name":"The Dangers of Exposed Secrets \u2013 and How to Prevent Them\u00a0","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/Exposed-secrets-blog_3x-scaled-e1745549278333.webp","datePublished":"2025-03-05T08:53:59+00:00","dateModified":"2025-06-09T10:20:17+00:00","description":"Exposed secrets in code lead to data 
breaches when credentials get leaked. Here are practices for preventing breaches through secrets management","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/exposed-secrets-and-how-to-prevent-them\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/Exposed-secrets-blog_3x-scaled-e1745549278333.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/Exposed-secrets-blog_3x-scaled-e1745549278333.webp","width":1200,"height":600,"caption":"secrets detection"},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/8cc863d656a4de523dab9b35
c0756078","name":"Joel Rose","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/MicrosoftTeams-image-13-150x150.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/MicrosoftTeams-image-13-150x150.jpg","caption":"Joel Rose"},"url":"https:\/\/checkmarx.com\/author\/joelr\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/100540","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/118"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=100540"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/100540\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/100542"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=100540"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=100540"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=100540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}