FAQ

How secret scanning helps fight secret sprawl

Learn about the best secret scanning solutions and how they help protect against breaches due to secret sprawl.

Secrets scanning is a process that allows you to find and identify secrets and other sensitive data hidden in source code or other locations such as documentation. Having the ability to scan for secrets and other sensitive data will:

  • Help protect your customers' data

  • Limit the potential for breaches due to leaked credentials

  • Set your company's reputation as one that prioritizes security

Some things to look for in a secret scanning product:

  • Relevance of data sources

  • Minimal false positives

  • Remediation workflows

  • Secrets leakage prevention: the ability to prevent secrets from leaking in the first place

  • Checking whether secrets are in use / active

  • Can check multiple sources such as GitHub, Jira, ADO, GitLab, Bitbucket, and Terraform

Watch HashiCorp Co-founder and CTO Armon Dadgar cover the topic of secret scanning and its ability to mitigate secret sprawl in this whiteboard overview.

Video chapters

0:00 Secrets scanning and introduction

0:30 What is a secret?

1:44 Risk of secrets sprawl

2:00 Sensitive data & how it's different than a secret?

4:15 Where secrets are commonly distributed

5:30 Where should secrets live?

6:40 HCP Vault Radar introduction

7:40 Secrets inventory and unmanaged secrets

9:20 Risk of false positives

10:00 Can we invalidate or validate scan findings?

11:00 Prioritizing scan findings

14:00 Why scanning needs to be a continuous process?
