by chasil 495 days ago
The deal killer for me, the inescapable aspect of my users, is that they insist upon checking passwords into revision control.

Because the C and PL/SQL people are on CVS, I can fix this with vi on the ,v archive.

First on TFS repositories, and now with git grep I can easily find exposed passwords for many things. But it's just SQL Server!

We will never be able to use git responsibly, so I will peruse this guide with academic interest.

Don't even get me started on secrecy management.

I am looking forward to retirement!

2 comments

The devs shouldn’t have access to prod credentials in the first place. That’s the real issue.
Internal audit said the same thing.

Quelle surprise!

Committing credentials is also a real issue, best to avoid doing both.
Then you need to hire someone else to manage the deployment of services though.
Sounds like you need a pre-commit hook to check.
Pre-commit hooks aren’t enforceable. People need to opt in to them, and the people who opt in to them are the people who will check for passwords before they commit.
Server-side pre-receive hooks are better.
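
As an added example (not part of the thread, and not any commenter's code), here is a sketch of the server-side pre-receive check suggested in the last comment. The credential pattern and the function names `scan_diff`, `check_ref` and `main` are constructed for illustration.

```shell
#!/bin/sh
# Added example: server-side pre-receive hook rejecting pushes whose added
# lines look like hard-coded credentials. Patterns are constructed; tune them.
SECRET_RE='(password|passwd|pwd|secret|api[_-]?key)[[:space:]]*[:=][[:space:]]*[^[:space:];]+'

# scan_diff: read a unified diff on stdin; print added lines that match
# SECRET_RE. Returns 1 if any matched, 0 otherwise.
scan_diff() {
    hits=$(grep -E '^\+' | grep -Ev '^\+\+\+ ' | grep -Ei -- "$SECRET_RE" || true)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# check_ref OLD NEW: scan the commits this push would add to one ref.
check_ref() {
    old=$1; new=$2
    case "$new" in *[!0]*) ;; *) return 0 ;; esac   # all-zero id: ref deletion
    case "$old" in
        *[!0]*) set -- "$old..$new" ;;              # existing ref updated
        *)      set -- "$new" --not --all ;;        # new ref: skip commits already on server
    esac
    # --format= suppresses commit headers; merge diffs are not shown by default.
    git log -p --no-color --format= "$@" | scan_diff
}

# main: git feeds "<old> <new> <ref>" lines on stdin; non-zero exit rejects the push.
main() {
    status=0
    while read -r old new ref; do
        if ! check_ref "$old" "$new"; then
            echo "rejected $ref: possible credential in added lines" >&2
            status=1
        fi
    done
    return $status
}

# Run only when installed as hooks/pre-receive, so the file can also be sourced.
case "$0" in */pre-receive|pre-receive) main; exit $? ;; esac
```

Installed as `hooks/pre-receive` (executable) in the bare repository on the server, it runs for every push regardless of what is configured on the client.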