Leaking Secrets
What It Is
Accidentally exposing sensitive information, usually by committing it to GitHub
Analogy
Leaving the safe combination on a sticky note in a public place
Common Ways Secrets Get Leaked
Committing .env to GitHub: Bots scan for secrets in seconds
Sharing in Slack/Email: Messages can be forwarded or archived
Screenshots with secrets visible: Often shared accidentally
Logging sensitive data: Logs are often less protected
Exposing in frontend code: Anyone can view browser source
Prevention: Use .gitignore, environment variables, and secret managers
Related Terms in Security & Best Practices
Secrets
The combination to your safe — share it and you lose everything
Environment Variables
Settings you adjust depending on location — your home thermostat vs. the office
Token
A wristband at a concert — proves you paid without showing your credit card every time
OAuth
Using your driver's license to prove your age instead of showing your birth certificate