API keys, database connection strings, private keys, certificates, usernames, and passwords… As organizations move to cloud architectures, SaaS platforms, and microservices, developers handle increasing amounts of sensitive information, more than ever before. To add to that, companies are pushing for shorter release cycles, developers have many technologies to master, and the complexity of enforcing good security practices increases with the size of the organization, the number of repositories, the number of developer teams, and their geographical spread.
As a result, secrets are spreading across organizations, particularly within the source code. This pain is so huge that it even has a name: Let us introduce you to the concept of “secrets sprawl” and how this can lead to public exposure of some of your most sensitive assets.