Using Git hook templates to avoid committing secrets to public repositories

Git doesn’t have the concept of a per user global hook. It would be nice if you could create hooks in your home directory that could be executed in all repositories that you work with. Instead, it does allow you to write hooks that reside in a user specific template directory to then be copied into any repositories that you clone or create from scratch.

AWS CodeCommit SSH Key ID

Working on AWS CodeCommit today, I setup SSH access to the repository. During the initial configuration I provided the SSH public key in the AWS Console, but then couldn’t connect to my repository. In the brief instructions on the IAM Console page they tell you how to update your ~/.ssh/config file, but the example doesn’t explicitly say what the IdentityFile is supposed to be set to. In the more detailed instructions they do specify the IdentityFile should reference your private key, not your public key.

3rd Party Github Credential Scanning

While writing a Python library that performs scanning of Git repositories similar to AWS Labs’ git-secrets, I was surprised by some 3rd party scanning services randomly scanning my repository for AWS credentials. I had included deactivated AWS credentials in my repository so that I could test my library. My plan was to replace these credentials with a randomly generated string later on but at first I was satisfied to commit the actual (but not active) credentials to Github themselves.

Writing to the AWS Lambda SAM Local container /tmp filesystem

While using AWS Lambda SAM Local to test Lambda functions locally, I encountered an error writing to the current directory where the function was running in the container (/var/task/). I’m not claiming a best practice of writing to the filesystem while running a Lambda function, but that’s part of my learning process for the moment, and I will investigate other workflows shortly. But what I was able to get working successfuly was writing to the /tmp filesystem instead of the current working directory.

3 Ways to Prevent .pypirc Credentials or Other Secrets from Leaking onto Github

Even if you’re not involved in the Python community, you might have heard about this security incident a while back. This is a not uncommon scenario where developers who may not be Github or distribution tooling (or security) experts make a mistake and breed mistrust in their project as well as the distribution medium itself. But setting up your environment to prevent these accidental credential disclosures is easy to do, and will enhance your security posture.