Security News > 2024 > February > GitHub enables push protection by default to stop secrets leak
GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code.
Push protection proactively prevents leaks by scanning for secrets before 'git push' operations are accepted and blocking the commits when a secret is detected.
"This week, we began the rollout of push protection for all users. This means that when a supported secret is detected in any push to a public repository, you will have the option to remove the secret from your commits or, if you deem the secret safe, bypass the block," GitHub's Eric Tooley and Courtney Claessens said.
Even with push protection toggled on by default for all public repos, GitHub users can circumvent the automated commit block.
"In just the first eight weeks of 2024, GitHub has detected over 1 million leaked secrets on public repositories. That's more than a dozen accidental leaks every minute."
More details on using push protection from the command line or allowing some secrets to be pushed are available on this GitHub documentation page.