GitGuardian’s State of Secrets Sprawl 2025 report shows no progress in combating secrets sprawl, with 23.8 million secrets leaked on public GitHub repositories in 2024—a 25% year-over-year increase.
Despite GitHub Push Protection’s efforts, secrets sprawl is accelerating, especially with generic secrets, which made up 58% of all leaked credentials.
More troubling, 70% of secrets leaked in 2022 remain active, significantly expanding the attack surface for threat actors.
The report makes one thing clear: secrets management must evolve beyond detection. Organizations must proactively prevent, discover, detect, and remediate leaked credentials before exploitation.
GitGuardian recommends a multi-layered approach to secrets security:
- Deploy real-time monitoring for leaked credentials across all environments.
- Implement centralized secrets detection to track exposure across repositories, collaboration tools, and containers.
- Enforce semi-automated secrets rotation policies to eliminate long-lived credentials.
- Provide clear guidelines for developers on secure vault usage and secrets hygiene.
