Seal the Leak - Instantly Revoke Secrets with GitGuardian!
Release Date: September 23, 2025
We're thrilled to introduce Secret Revocation directly from the GitGuardian platform for supported providers, including GitHub, GitLab, and OpenAI. This enhancement is designed to accelerate your incident response process, reducing manual efforts and enabling you to quickly prevent attackers from leveraging your compromised secrets.
How it works:
- Quickly identify revocable secrets: Using the newly introduced
Revocable by GitGuardianTag. - Access Controls: Requires full-access permissions on the incidents.
- Instant Revocation: Revoke secrets immediately using the call-to-acttion from the incident detail view.
- Safety First: Includes a confirmation step to prevent accidental revocations.
- Closing the incident loop: Automatically resolves incidents when valid secrets are revoked.
- Comprehensive Audit Trail: Every revocation activities are tracked and logged within the incident timeline for compliance and auditing purposes.
Assess the impact first:
To prevent operational disruption, always assess the impact of a revocation first. GitGuardian provides the context you need to evaluate the risk, including identifying which workloads depend on the credential, so you can act confidently.
Why it matters:
Manual secret revocation is traditionally slow and complex, as it often involves different teams. This delays the incident response and increases the security risk compromised secrets pose. This integrated revocation feature significantly shortens secret exposure times and expedites incident response workflows, especially once the investigation confirms secret shall be revoked.
Enhancements
- Public API: Added Container Registries endpoints to the public API documentation.
- Pattern Exclusion: Improved performance and memory usage when checking the impact of secret pattern exclusions.
Fixes
- Container Registries Integrations: Fixed authentication error with Google Artifact Registry that was causing scan failures.
- Secret Scanning: Fixed incorrect secret count display in scan results to ensure consistency with actual detected secrets.
