At the beginning of September, I joined the Marketing Team at GitGuardian. Since then, I’ve been to Boston twice, Paris and Beziers once, a jazz club, a castle, and indoor mini golf while getting to know my co-workers. But the travel has been a side benefit of getting to work with/for a product in which I believe.
I feel a sincere connection to their mission, which is not just to help secure apps on the web and devices, but to secure the artifacts we use to produce them. One of the first things I got to do during my early days was edit a blog post on three recent security incidents that were caused or made worse by secrets sprawl.
What Is Secrets Sprawl?
Secrets are values that other people must not know. In software development, that means passwords, private keys, randomization salts, API keys, and access tokens. Studies over the last decade have repeatedly found such secrets in public GitHub repositories, either leaked accidentally and unknowingly or never fully cleaned up. Deleting the secret from your code and pushing the update to GitHub only cleans it up on the surface: the value is still reachable in the commit history, so the history has to be rewritten as well, and because anyone may have copied the value while it was exposed, the secret itself should be treated as compromised and rotated.
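To make the history point concrete, here is a small scanner I wrote for this post. It is an added example, not GitGuardian's code or a description of how their detection works: the three-commit history and the working tree are constructed, the access key ID is AWS's published documentation example value rather than a real credential, and the detection heuristics (one AWS key pattern plus a Shannon-entropy check on assignments to KEY/SECRET/TOKEN/PASSWORD variables) are a deliberate simplification of what a real secrets scanner does. The point it shows is that the working tree after the "remove hardcoded creds" commit is clean while the value is still sitting in two earlier diffs, including the removal diff itself.

```python
import math
import re

# Constructed sample history (not from the original post). Each entry is
# (commit sha, message, unified-diff body). The access key ID is AWS's
# published example value, so it is not a real credential.
SAMPLE_HISTORY = [
    ("a1b2c3d", "initial config",
     "+DB_HOST=db.internal\n"
     "+DB_USER=app\n"),
    ("e4f5a6b", "add deploy creds",
     "+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
     "+AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"),
    ("c7d8e9f", "remove hardcoded creds",
     "-AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
     "-AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
     "+# credentials now come from the environment\n"),
]

# Constructed working tree at HEAD: the secret is gone from the current files.
SAMPLE_HEAD = (
    "DB_HOST=db.internal\n"
    "DB_USER=app\n"
    "# credentials now come from the environment\n"
)

# Heuristic 1: AWS access key IDs have a fixed, recognisable shape.
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Heuristic 2: an assignment to a sensitive-looking variable name.
ASSIGNMENT = re.compile(
    r"^([A-Z0-9_]*(?:KEY|SECRET|TOKEN|PASSWORD)[A-Z0-9_]*)\s*=\s*[\"']?([^\"'\s]+)"
)
MIN_VALUE_LEN = 20      # shorter values are usually flags or placeholders
MIN_ENTROPY_BITS = 3.5  # per-character Shannon entropy; random tokens sit well above this


def shannon_entropy(value):
    """Per-character Shannon entropy in bits; 0.0 for a single repeated character."""
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_secrets(text):
    """Return (line, reason) for every line that looks like it carries a secret.

    Leading '+'/'-' diff markers are stripped first, so a line that *removes*
    a secret is still reported: the value is visible in that diff too.
    """
    hits = []
    for raw in text.splitlines():
        line = raw.lstrip("+-").strip()
        if AWS_KEY_ID.search(line):
            hits.append((line, "aws-access-key-id"))
            continue
        m = ASSIGNMENT.match(line)
        if m:
            name, value = m.group(1), m.group(2)
            if len(value) >= MIN_VALUE_LEN and shannon_entropy(value) > MIN_ENTROPY_BITS:
                hits.append((line, "high-entropy-" + name.lower()))
    return hits


def scan_history(history):
    """Scan every commit diff, returning (sha, reason, line) for each finding."""
    findings = []
    for sha, _message, diff in history:
        for line, reason in find_secrets(diff):
            findings.append((sha, reason, line))
    return findings


def commits_to_rewrite(history):
    """The set of commits that must be purged or rewritten, not just 'fixed forward'."""
    return {sha for sha, _reason, _line in scan_history(history)}


if __name__ == "__main__":
    print("working tree findings:", find_secrets(SAMPLE_HEAD))       # []
    for sha, reason, line in scan_history(SAMPLE_HISTORY):
        print(f"{sha}  {reason:<40} {line}")
    print("commits needing history rewrite:", sorted(commits_to_rewrite(SAMPLE_HISTORY)))
```

Running it shows nothing in the working tree and four findings in history, spread over the commit that added the key and the commit that removed it. Rewriting those commits (and every branch and fork that contains them) is the only way to get the value out of the repository, and it does nothing about copies already made, which is why rotation has to happen regardless.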
If you read the post on the security incidents where secrets were exploited, you’ll see that GitHub is not the only place attackers can find your secrets, and our mission isn’t limited to GitHub either.
Why Is GitGuardian Cool?
Besides having multiple methods to help you ensure that your secrets never reach a leakable stage, GitGuardian has tools to help you clean up the ones that already have. Most importantly, it has tools to assign and track that remediation work, so it actually gets done.
They’ve also recently released a product called HoneyToken, which creates decoy tokens for you to leak intentionally, so when someone tries to use one, you can know where they found it and get information about their access attempt.
But Back to Me!
This isn’t meant to be a commercial for GitGuardian or some free SEO for them (though it might have that effect). It’s about my new job. I have projects I’m working on that will hopefully launch in the next month or two, plus I’m writing and ghost writing blog posts and articles.
“But what about Developer Relations,” you might ask. My father died this spring (the day I recovered from COVID) and there are other family issues to deal with as well. To provide myself with more flexibility to be there for my family, I stepped back from Developer Advocacy / Evangelism. This role allows me to do cool things, but after one more work trip to get a feel for our in-person marketing at a conference, I will only be getting on the road for personal reasons for a while.
I explained my reasons for pulling back when I interviewed and GitGuardian has supported that. Maybe in a year or two, I’ll get back on the road, and possibly that will be as part of GitGuardian’s DevRel team. But for now, I’m safely ensconced in the home office I remodeled in January.
See ya on the socials and on the GitGuardian blog. But remember, on the socials and here, I speak for me, not my employer(s). Cheers!