New Feature: Secret Detection & Mitigation | Arnica

By Nir Valtman, October 13, 2022

What user pains exist?

Hardcoding secrets is a common practice during local development, and those secrets are often forgotten in the git history or in feature branches when code is pushed, where they become liabilities to both the product and the business. These secrets become weapons when found by malicious actors, and their exposure compounds the longer they remain within the source code ecosystem.

Detecting secrets within pull requests is too late, as they may already have been stored in the git history long enough to be exposed to an adversary. To reduce this risk, detected secrets need to be rotated. However, by reducing access to the repository and the exposure time of these secrets, the rotation process can be avoided.

What we built!

Arnica’s answer to secrets risks doesn’t just detect hardcoded secrets that were added historically; it also prevents the exposure of new hardcoded secrets in source code as they are pushed. At integration, Arnica identifies secrets within your source code and validates each one to ensure that only active secrets are displayed within your risk output. From that moment on, Arnica actively monitors code pushes for new hardcoded secrets, immediately notifies the pusher of the code and mitigates the hardcoded secret. The developer receives an automated notification through their native collaboration tool, such as Slack or Teams, providing a one-click mitigation path that both removes the secret and rewrites any history showing that it ever existed.

Proper mitigation of hardcoded secret exposure requires the immediate and complete removal of the exposed secret. Arnica’s patent-pending solution ensures the fastest and most complete threat removal strategy to enforce a zero new hardcoded secrets policy.

Reduce Risk and Accelerate Velocity

Integrate Arnica ChatOps with your development workflow to eliminate risks before they ever reach production.  