GitGuardian’s State of Secrets Sprawl 2025 report shows no progress in combating secrets sprawl, with 23.8 million secrets leaked on public GitHub repositories in 2024—a 25% year-over-year increase.

Despite GitHub Push Protection’s efforts, secrets sprawl is accelerating, especially with generic secrets, which made up 58% of all leaked credentials.

More troubling, 70% of secrets leaked in 2022 remain active, significantly expanding the attack surface for threat actors.

The report makes one thing clear: secrets management must evolve beyond detection. Organizations must proactively prevent, discover, detect, and remediate leaked credentials before exploitation.

GitGuardian recommends a multi-layered approach to secrets security: