
March 14, 2025 32 mins
Episode Notes: In this episode, we delve into the growing threat of secrets sprawl, particularly for mobile developers. The recent State of Secrets Sprawl 2025 report revealed a concerning 25% increase in hardcoded secrets exposed on GitHub in 2024, with 23.7 million new secrets leaked. We explore why mobile apps are particularly vulnerable: they often contain API keys, authentication tokens, and other sensitive data that, when hardcoded, can be easily extracted from the shipped app, leading to API abuse, data breaches, and supply chain attacks. We discuss how hardcoded secrets are a major attack vector, with 58% of all leaked credentials in 2024 being generic secrets such as passwords and database connection strings. The BeyondTrust API key breach, used by Chinese state-sponsored hackers to infiltrate the U.S. Treasury Department, highlights the real-world consequences. We examine the limitations of existing security measures:
  • GitHub’s Push Protection is a good start but only prevents specific patterns of API keys from being pushed, missing many secrets like database credentials and encryption keys.
  • Private repositories are not inherently safe, being 8x more likely to contain secrets than public ones.
  • While helpful, secrets management tools alone are not a complete solution, with 5.1% of repositories using them still leaking secrets.
  • Threats extend beyond source code, with 38% of exposed credentials in collaboration tools like Slack and Jira being classified as highly critical.
The episode then focuses on how mobile developers can protect their apps with runtime secrets protection:
  • Dynamic API Key Injection: Using a server-side mechanism to inject keys at runtime instead of hardcoding. Solutions like Approov use mobile app attestation to deliver keys only to trusted app instances.
  • Mobile App Attestation: Verifying that API requests come from genuine, untampered app instances, preventing abuse from repackaged apps and bots.
  • Dynamic Certificate Pinning: Ensuring apps automatically update to the latest certificate pins to block Man-in-the-Middle (MitM) attacks.
  • Detecting and Blocking Rooted or Jailbroken Devices: Using RASP (Runtime Application Self-Protection) to detect and respond to unauthorised modifications.
  • Monitoring and Revoking Compromised Secrets: Automating secret rotation and revocation, as 70% of valid secrets detected in 2022 were still active in 2024.
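The attestation-gated key delivery described in the first two bullets, as an added example that is not from the episode or from Approov: a constructed attestation service signs its verdict about an app instance, and the key-delivery endpoint releases the API key only when that verdict is correctly signed, unexpired, for the expected app, and positive. The HMAC token format, the app identifier, service names and key values are all assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed placeholder: shared between the attestation service and the key endpoint.
ATTEST_KEY = b"constructed-attestation-signing-key"
# The third-party API key lives only server-side; it is never compiled into the app.
VAULT = {"weather-api": "constructed-api-key-0001"}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_attestation(app_id: str, integrity_ok: bool, now: int, ttl: int = 300) -> str:
    """Constructed stand-in for an attestation service: signs the verdict about one app instance."""
    claims = {"app": app_id, "ok": integrity_ok, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(ATTEST_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def fetch_api_key(token: str, service: str, now: int, expected_app: str = "com.example.app"):
    """Key-delivery endpoint: returns (key, reason); the key is None unless every check passes."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None, "malformed token"
    expected = _b64(hmac.new(ATTEST_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None, "bad signature"          # forged or tampered token
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        return None, "expired"                # short TTL limits replay of a captured token
    if claims["app"] != expected_app:
        return None, "unknown app"            # repackaged app under a different identifier
    if not claims["ok"]:
        return None, "integrity check failed" # tampered, rooted or emulated instance
    key = VAULT.get(service)
    return (key, "ok") if key else (None, "unknown service")
```

Because the key is only ever returned per request to an attested instance, revoking or rotating it is a server-side change with no app update, which is the property the last bullet relies on.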
Key Takeaway: Your app's security is only as strong as its weakest secret. Protecting API keys at runtime is crucial.
Links:
  • The State of Secrets Sprawl 2025 Report (GitGuardian):
  • Securing Mobile Apps Analyst Guide for Approov (Intellyx): https://intellyx.com/wp-content/uploads/2024/09/Securing-Mobile-Apps-Analyst-Guide-for-Approov-FINAL.pdf 
  • Approov Website: www.approov.io 
© 2025 iHeartMedia, Inc.