
Another major flaw:

Transparent decryption sounds nice. Until you commit decrypted secrets by mistake.

Because the encryption/decryption is transparent, you won't notice if the .gitattributes pattern-matching is wrong until it's too late.

I did this myself and saw it happen in the wild as well.



Using pre-commit with a hook to prevent secrets from being committed provides a bit more help preventing this mistake. Not foolproof, because you could always commit, say, a base64-encoded .env file.


That relies on the user configuring git hooks correctly, which is a similar problem to noticing that transparent decryption is configured correctly.
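An added example, not part of any comment in this thread: one way to detect the .gitattributes mismatch described above before committing is to ask git which filter it would apply to each staged, secret-looking path. The `SECRET_GLOBS` list and the function name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print staged paths that look like secrets but that no
# .gitattributes filter covers, i.e. files git would store in plaintext.
# SECRET_GLOBS is a constructed list; adapt it to the repository.
SECRET_GLOBS='*.env *.key *.pem'

unfiltered_secrets() {
    # Paths staged for commit (added, copied, modified, renamed).
    git diff --cached --name-only --diff-filter=ACMR |
    while IFS= read -r path; do
        hit=no
        set -f                      # keep the globs from expanding against files
        for glob in $SECRET_GLOBS; do
            # In a case pattern "*" also matches "/", so "*.env" covers
            # ".env", "prod.env" and "config/prod.env" alike.
            case "$path" in $glob) hit=yes ;; esac
        done
        set +f
        [ "$hit" = yes ] || continue
        # Let git resolve the attribute so its own .gitattributes matching
        # rules are what gets tested, not a reimplementation of them.
        attr=$(git check-attr filter -- "$path")
        case "$attr" in
            *': filter: unspecified'|*': filter: unset')
                printf '%s\n' "$path" ;;
        esac
    done
}
```

Any path it prints is one that transparent encryption will silently skip. It does not catch re-encoded secrets such as the base64 case mentioned above.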



