N7x@infosec.pub to appsec@infosec.pubEnglish · 2 years agoGitHub Copilot, Amazon Code Whisperer emit people's API keyswww.theregister.comexternal-linkmessage-square11fedilinkarrow-up120
arrow-up120external-linkGitHub Copilot, Amazon Code Whisperer emit people's API keyswww.theregister.comN7x@infosec.pub to appsec@infosec.pubEnglish · 2 years agomessage-square11fedilink
minus-squareDoomBot5@lemmy.worldlinkfedilinkEnglisharrow-up1·2 years agoWow, that’s a terrible security process even for development configs. How about adding a script they can run right after cloning to pull the needed keys from a secure location using their own user credentials? Plenty of solutions out there.
minus-squaretmRgwnM9b87eJUPq@lemmy.worldlinkfedilinkEnglisharrow-up1·2 years agoSo let’s say the code base leaks. Let’s say our VPN was also compromised. Then what is the worst that can happen? Some internal dev api with no real data in it can be tested by hackers.
Wow, that’s a terrible security process even for development configs. How about adding a script they can run right after cloning to pull the needed keys from a secure location using their own user credentials? Plenty of solutions out there.
So let’s say the code base leaks.
Let’s say our VPN was also compromised.
Then what is the worst that can happen? Some internal dev api with no real data in it can be tested by hackers.