AUTOMATED MANAGEMENT OF SECRET DATA LEAKAGE RISKS IN SOURCE CODE

DOI: 10.31673/2412-4338.2025.038705

Abstract

This article presents a comprehensive investigation of information-security risks arising from the uncontrolled storage of secret data in the source code of contemporary software systems. It provides an in-depth analysis of the principal categories of sensitive information—API keys, access tokens, database credentials, private cryptographic keys, and configuration parameters—whose leakage poses critical threats to the integrity, confidentiality, and availability of IT infrastructures. Particular attention is devoted to infrastructure-level risks in multi-cloud environments and automated CI/CD pipelines, where accidental inclusion of credentials in source code can compromise the software supply chain, enable unauthorized access to cloud services, and disrupt business-critical processes. Within the empirical part of the research, one hundred public GitHub repositories were analyzed using state-of-the-art secret-detection tools (TruffleHog, GitLeaks, detect-secrets). The collected findings were classified by type of secret, criticality level, and potential impact, which made it possible to identify the most common risk vectors and to prioritize their mitigation. A formal risk assessment was performed in accordance with the NIST SP 800-30 methodology, which involves the identification of assets, threats, and vulnerabilities, as well as evaluation of the likelihood and potential impact of threat realization. Based on this analysis, the paper substantiates the necessity of integrating secure secret-management practices into the Software Development Lifecycle (SDLC) through automated code scanning, the deployment of centralized secret managers (such as HashiCorp Vault, AWS Secrets Manager, and Google Secret Manager), mechanisms for key rotation and revocation, and role-based access control (RBAC) policies. The study demonstrates that combining technical measures with organizational initiatives—systematic personnel training, the adoption of DevSecOps practices, regular security audits, and formalized code-review procedures—reduces secret-leak incidents by more than 85 % and ensures compliance with international information-security standards (ISO/IEC 27001, NIST SP 800-53, SOC 2). The results confirm the effectiveness of a holistic, automated approach to managing the risks of secret leakage and outline methodological foundations for establishing mature secure-development processes in multi-cloud and microservice architectures.
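A minimal version of the scan-and-classify step the abstract describes, added here as an illustrative example and not code from the paper: simplified detection patterns stand in for the TruffleHog, GitLeaks and detect-secrets rule sets, each finding is scored likelihood x impact in the spirit of NIST SP 800-30, and the likelihood scores, criticality thresholds and sample repository are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Detection rules: (secret type, pattern, impact 1-5). Simplified illustrations,
# not the rule sets shipped with TruffleHog, GitLeaks or detect-secrets.
RULES = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), 5),
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"), 5),
    ("database_url", re.compile(r"\b(?:postgres|mysql)://[^:\s]+:[^@\s]+@"), 4),
    ("generic_password",
     re.compile(r"(?i)\b(?:password|passwd|secret(?:_key)?)\s*[:=]\s*['\"][^'\"]{8,}['\"]"), 3),
]

def likelihood(path: str) -> int:
    # Likelihood (1-5) that a match is a live credential, judged from its location
    # in the tree; these scores are assumptions made for this example.
    if path.endswith((".example", ".md")):
        return 2                  # docs and sample files are usually placeholders
    if path.startswith("tests/") or "/test" in path:
        return 3                  # fixtures are often fake, but not always
    return 5                      # application code or config in a public repo

@dataclass
class Finding:
    path: str
    line_no: int
    kind: str
    impact: int
    likelihood: int
    @property
    def risk(self) -> int:        # NIST SP 800-30 style: likelihood x impact
        return self.impact * self.likelihood
    @property
    def criticality(self) -> str:
        return ("critical" if self.risk >= 20 else "high" if self.risk >= 12
                else "medium" if self.risk >= 8 else "low")

def scan(files: dict) -> list:
    # files maps path -> text; findings come back ordered by descending risk.
    findings = [Finding(path, n, kind, impact, likelihood(path))
                for path, text in files.items()
                for n, line in enumerate(text.splitlines(), 1)
                for kind, pattern, impact in RULES if pattern.search(line)]
    return sorted(findings, key=lambda f: f.risk, reverse=True)

# Constructed sample repository; none of these values are real credentials.
SAMPLE_REPO = {
    "config/settings.py": 'AWS_ACCESS_KEY_ID = "AKIAEXAMPLE000000001"\nDATABASE_URL = "postgres://app:hunter2hunter2@db.internal/app"\n',
    "tests/fixtures.py": 'password = "not-a-real-password"\n',
    ".env.example": 'SECRET_KEY = "replace-me-with-real-value"\n',
}
```

Running `scan(SAMPLE_REPO)` ranks the two findings in application config as critical and the fixture and example-file matches as medium and low, which is the prioritisation the abstract's classification step is meant to produce.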

Keywords: DevSecOps, source code leakage, secrets detection, hardcoded credentials, security automation, CI/CD security, GitHub, AWS keys.

Published

2025-11-02

Section

Articles