Solidroad (YC W25) Is Hiring (solidroad.com)

1 points by pjfin 1d ago 0 comments

Kyber (YC W23) Is Hiring a Technical Account Manager (ycombinator.com)

1 points by asontha 2d ago 0 comments

Roundtable (YC S23) Is Hiring a President / CRO (ycombinator.com)

1 points by timshell 3d ago 0 comments

Roame (YC S23) Is Hiring (ycombinator.com)

1 points by zman0225 3d ago 0 comments

GauntletAI (YC S17): All expenses paid AI training and guaranteed $200k+ job (gauntletai.com)

1 points by austenallred 3d ago 0 comments

SchemeFlow (YC S24) Is Hiring an Engineer (London) to Speed Up Construction (ycombinator.com)

1 points by andrewkinglear 3d ago 0 comments

Shaped (YC W22) Is Hiring (ycombinator.com)

1 points by tullie 4d ago 0 comments

Spice Data (YC S19) is hiring a software engineer – back end (ycombinator.com)

1 points by richard_pepper 4d ago 0 comments

Onlook (YC W25) Is Hiring an engineer in SF

1 points by D_R_Farrell 5d ago 0 comments

OneText (YC W23) Is Hiring a DevOps/DBA Lead Engineer (jobs.ashbyhq.com)

1 points by bluepnume 8d ago 0 comments

Gander (YC F24) Is Hiring Founding Engineers and Interns (ycombinator.com)

1 points by arjanguglani 8d ago 0 comments

Ziina (YC W21) the Series A fintech is hiring product engineers (ziina.notion.site)

1 points by faisaltoukan 9d ago 0 comments

Onyx (YC W24) – AI Assistants for Work Hiring Founding AE (ycombinator.com)

1 points by yuhongsun 9d ago 0 comments

Great Question (YC W21) Is Hiring a Director of Customer Success (ycombinator.com)

1 points by nedwin 9d ago 0 comments

Deepnote (YC S19) is hiring engineers to build an AI-powered data notebook (deepnote.com)

1 points by Equiet 9d ago 0 comments

Converge (YC S23) Well-capitalized New York startup seeks product developers (runconverge.com)

1 points by thomashlvt 10d ago 0 comments

CircuitHub (YC W12) is hiring full-stack robotics engineers (workatastartup.com)

1 points by seddona 10d ago 0 comments

AtoB (YC S20) – Stripe for Transportation – is hiring engineers (jobs.ashbyhq.com)

1 points by vignanv8 10d ago 0 comments

PromptArmor (YC W24) Is Hiring in San Francisco (ycombinator.com)

1 points by VikramJayanthi 11d ago 0 comments

Depot (YC W23) is hiring an enterprise support engineer (UK/EU) (ycombinator.com)

1 points by jacobwg 12d ago 0 comments

Patched (YC S24) Is Hiring SWEs in Singapore (ycombinator.com)

1 points by rohansood15 12d ago 0 comments

Activeloop(YC S18)Is Hiring Senior Backend and AI Search Engineer(Mountain View) (careers.activeloop.ai)

1 points by davidbuniat 12d ago 0 comments

Morph (YC S23) Is Hiring a ML Engineer

1 points by bhaktatejas922 12d ago 0 comments

Spark AI (YC W24) Is Hiring a Full Stack Engineer in San Francisco (ycombinator.com)

1 points by tk90 12d ago 0 comments

Demodesk (YC W19) Is Hiring Rails Engineers (demodesk.com)

1 points by alxppp 13d ago 0 comments

Piramidal (YC W24) Is Hiring a Senior Full Stack Engineer (ycombinator.com)

1 points by dsacellarius 13d ago 0 comments

AccessOwl (YC S22) is hiring an AI TypeScript Engineer to connect 100s of SaaS (ycombinator.com)

1 points by mathiasn 16d ago 0 comments

StackAI (YC W23) Is Looking for SWR and Tailwind Wizards (ycombinator.com)

1 points by baceituno 16d ago 0 comments

Weave (YC W25) is hiring a founding engineer (ycombinator.com)

1 points by adchurch 16d ago 0 comments

Infisical (YC W23) Is Hiring Full Stack Engineers (TypeScript) in US and Canada (ycombinator.com)

1 points by dangtony98 17d ago 0 comments

GoGoGrandparent (YC S16) is hiring Back end Engineers

1 points by davidchl 18d ago 0 comments

Ask HN: Prevent Secrets from Committing to Repos

4 abhijais1 3 6/15/2025, 2:05:42 PM

Hey I have been working on a solution to prevent secrets from committing to VCS repos, so far have prevented 10+ AWS keys from accidentally being committed. Github has an offering but it's very costly for our team. Does anyone of you want to try out ?

Comments (3)

scarface_74 · 8h ago

Why are AWS keys anywhere near your code in the first place?

For instance in Python, you initialize an object using

    boto3.client(“s3”)

When you use IAM identity center, you get temporary access keys which you assign to environment variables and the keys are automatically picked up.

Even if you use “aws configure” and have long lasting keys (don’t do that), your keys will be stored in your home directory, nowhere near your repository and still usable locally.

When running your code on AWS, whatever you are using to run it on will get permission from the IAM role attached to the Lambda, EC2, etc.

muzani · 3h ago

It tends to happen more on front end I think, especially since it's in the tutorial and many haven't been given the training on what to do better. Not really AWS, but even the trained ones will put it in a .local.properties file or something and then forget to add it to gitignore

SlightlyLeftPad · 2h ago

You really just need to not forget to do that. Isn’t it that simple?

A less snarky answer, and why AWS is largely a non issue these days is because the secrets were designed out of code And are effectively provided as an integral part of the infrastructure which includes regular and reliable expiration and rotation. So any chance you get, design secrets in this way.

The only thing ever in code are references to the correct roles or secrets. Only ever references to the location of the secret. Get in the habit of this and the problem is drastically reduced and becomes something you don’t have to think about.