In a discussion featured on a Defense in Depth episode, cybersecurity experts including Allan Alford, David Spark, and Jeremy Thomas explored the pervasive issue of secret sprawl in Git repositories. The conversation examined why secrets and credentials often leak into both public and private repositories, highlighting human error and negligence as significant factors. The experts emphasized the importance of risk-based approaches, automation, and training to prevent such leaks, while acknowledging that mistakes will inevitably occur. A consensus emerged that while technology can automate many preventive measures, the human component remains crucial. The discussion also touched on the limitations of relying solely on service providers to protect credentials, advocating for a cultural shift in which security practices are embedded into development processes. The issue extends beyond code repositories to messaging platforms like Slack, where secrets are frequently shared, further complicating the landscape. As secrets remain a persistent challenge, the responsibility ultimately falls on developers and organizations to safeguard sensitive information by embedding robust security measures throughout the development lifecycle.