GitHub's New Security Feature Catches Secrets Before You Commit Them
GitHub released a new security feature that scans your commits for secrets.
What Actually Happened
GitHub expanded its secret scanning push protection to all public repositories. Previously, you had to enable it manually. Now it's automatic.
When you try to push code containing a detected secret, GitHub blocks the push and tells you what it found.
What Gets Detected
GitHub scans for patterns matching known secret formats: AWS access keys, GitHub tokens, Slack webhooks, Stripe API keys, and 100+ other patterns.
The Limitations
- Only public repositories — Private repos need to be enabled manually
- Pattern matching isn't perfect — False positives happen
- Doesn't fix existing secrets — Only catches new commits
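To make the pattern matching and its limits concrete, here is an added example (not GitHub's code or its actual detectors): a minimal Python scanner that checks only the added lines of a unified diff against a few approximate token shapes. The regexes, the `scan_diff` name and the sample diff are assumptions constructed for illustration.

```python
import re

# Approximate token shapes, assumed for illustration only.
# GitHub's real detectors are more numerous and more precise.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_webhook": re.compile(
        r"https://hooks\.slack\.com/services/T[A-Z0-9]+/B[A-Z0-9]+/[A-Za-z0-9]+"),
    "stripe_live_key": re.compile(r"\bsk_live_[A-Za-z0-9]{24,}\b"),
}

def scan_diff(diff_text):
    """Return (file, new_line_no, kind) for each match on an added ('+') line."""
    findings, path, new_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = re.sub(r"^b/", "", line[4:])      # file header
        elif line.startswith("@@"):
            # Hunk header "@@ -old,count +new,count @@": take the new start line.
            new_no = int(re.search(r"\+(\d+)", line).group(1))
        elif line.startswith("+"):
            for kind, rx in PATTERNS.items():
                if rx.search(line[1:]):
                    findings.append((path, new_no, kind))
            new_no += 1
        elif line.startswith(" "):
            new_no += 1   # context line: already in history, so not scanned
    return findings

# Constructed sample diff; every "secret" in it is a fake placeholder.
SAMPLE_DIFF = "\n".join([
    "diff --git a/config.py b/config.py",
    "--- a/config.py",
    "+++ b/config.py",
    "@@ -1,3 +1,6 @@",
    " import os",
    " OLD_KEY = 'sk_live_" + "0" * 24 + "'",   # pre-existing secret (context)
    "+GH_TOKEN = 'ghp_" + "A1b2" * 9 + "'",    # new secret-shaped value
    "+# docs example: AKIAIOSFODNN7EXAMPLE",   # AWS documentation placeholder
    "+DEBUG = True",
    " print('ok')",
])

if __name__ == "__main__":
    for finding in scan_diff(SAMPLE_DIFF):
        print(finding)
```

On the sample, the GitHub-style token and the AWS documentation placeholder are both flagged (the latter is a false positive), while the Stripe-style key on an unchanged context line goes unreported, mirroring the limitations listed above.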
My Take
This is the kind of security feature I like: automated detection with human remediation. The real value isn't the scanning—it's the education.