What the GitGuardian secrets sprawl report reveals about leaked credentials
In this Help Net Security video, Dwayne McDaniel, Senior Developer Advocate at GitGuardian, presents findings from The State of Secrets Sprawl 2025.
McDaniel explains why generic secrets are especially difficult to detect, why private repositories pose an even greater risk, and how collaboration tools and Docker images have become overlooked sources of exposure. He also discusses the impact of AI coding assistants on security practices and the dangers of long-lived secrets and excessive permissions.
The video concludes with practical steps organizations can take, from rotating secrets quickly and integrating scans into CI/CD pipelines to centralizing secret managers and adopting ephemeral credentials.