[bottled_poe]

And should be easily caught in code reviews and CI jobs?

[viraptor]

Sure, and it will be caught by CI (if you set it up (properly)) and code review (if it happens (and nobody misses it (and no commits are pushed as a cleanup after (...)))).

So basically if everything works perfectly, you won't have that problem. We know processes don't work perfectly, so it's better to avoid that issue in the first place by never leaving the literal tokens in the config.

Also, even if your CI catches the problem, it's too late - your credentials are now in the repo and in the CI system and likely in your log collector attached to the CI. You'll need to roll them. Same with reviews.

[dotancohen]

Which occur after the code is in git and pushed.

[bottled_poe]

So change the secrets and/or find professional developers? Sorry, not sorry, it’s an amateur mistake, not acceptable in a professional environment. Why would an amateur possess the secrets in the first place?

[dotancohen]

I prefer a security model slightly more robust than "None of the professionals working on this project will ever make a mistake".

[mountainriver]

You too?

[d4mi3n]

Ever try cleaning Git commit history? How about having GitHub clear a repository cache containing a secret?

You’re not wrong, but this is a whole class of issue that can be avoided for trivial levels of effort.