Keeping secrets out of public repositories
Blog post from GitHub
Accidental leaks of API keys and other sensitive information pose significant security, reputational, and legal risks; GitHub detected over a million leaked secrets in public repositories in early 2024 alone. To mitigate this, GitHub has enabled secret scanning push protection by default for all pushes to public repositories: a push containing a detected secret is blocked automatically, and the user can either remove the secret or bypass the block if they judge it safe. The change is designed to protect developers' reputations and data integrity, and users can still customize their settings, including disabling push protection, though this is not recommended. For private repositories, organizations using GitHub Enterprise can add GitHub Advanced Security, which includes secret scanning, code scanning, and other security features. GitHub's secret scanning covers over 200 token types from more than 180 service providers, with high precision and few false positives, to safeguard public repositories.
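As an added illustration, not GitHub's scanner or code from the post, the following Python sketch mirrors what push protection does at push time: it inspects only the lines a push would add (parsed from a unified diff), matches them against known token formats, and returns a block/allow decision with an explicit bypass. The three patterns and the sample diff are constructed assumptions for this example, not the 200+ detectors the post describes.

```python
import re

# Illustrative token formats (assumed for this example; the real service
# maintains detectors for 200+ token types from 180+ providers).
PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_token": re.compile(r"\bxox[bp]-[0-9A-Za-z-]{10,}\b"),
}

def scan_diff(diff_text):
    """Return findings for added ('+') lines of a unified diff, with masked values."""
    findings, path, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):            # new-file header: remember the path
            path = line[4:]
            path = path[2:] if path.startswith("b/") else path
            continue
        if line.startswith("@@"):              # hunk header: reset new-file line counter
            m = re.search(r"\+(\d+)", line)
            line_no = int(m.group(1)) - 1 if m else 0
            continue
        if line.startswith("-") or line.startswith("\\"):
            continue                           # removed lines / "No newline" markers
        line_no += 1                           # context and added lines both count
        if not line.startswith("+"):
            continue
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line[1:]):
                tok = m.group(0)
                findings.append({"path": path, "line": line_no, "type": kind,
                                 "masked": tok[:4] + "..." + tok[-4:]})
    return findings

def push_decision(findings, bypass=False):
    """Block when secrets were found unless the user explicitly bypasses."""
    return "allow" if not findings or bypass else "block"

# Constructed sample diff with placeholder credentials (not real tokens).
FAKE_GH = "ghp_" + "A" * 36
SAMPLE_DIFF = f"""diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,4 @@
 import os
-TOKEN = os.environ["GH_TOKEN"]
+TOKEN = "{FAKE_GH}"
+AWS_KEY = "AKIAEXAMPLEKEY000001"
 DEBUG = False
"""

if __name__ == "__main__":
    hits = scan_diff(SAMPLE_DIFF)
    for h in hits:
        print(f"{h['path']}:{h['line']} {h['type']} {h['masked']}")
    print("decision:", push_decision(hits))
```

Wired into a pre-push hook (`git diff origin/main...HEAD` as input), this is the local equivalent of the server-side block; the masked output lets a developer see where the secret is without echoing it into terminal history.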