
I have an idea:

What if companies using secret keys (not SaaS providers who generate secret keys) voluntarily send their secret keys (MD5 hashed or somehow encrypted) to GitHub and GitHub can then monitor their leakage and notify the company?

Is this useful or feasible?
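To make the proposal concrete, here is an added example (not from the post or from GitHub) of what the two halves of such a scheme look like: the company registers only salted SHA-256 fingerprints of its secrets, and the monitoring side extracts high-entropy tokens from scanned content, fingerprints each one with the shared salt, and reports matches without ever holding a plaintext list of the company's keys. The secret values, the sample commit content and the salt are all constructed for this example; SHA-256 with a salt is used in place of the MD5 the post mentions as a design choice, not something the post specifies.

```python
"""Hash-based secret leak monitoring (constructed example).

Company side: build_registry() turns plaintext secrets into salted
fingerprints. Monitoring side: scan_content() fingerprints candidate
tokens found in text and matches them against the registry.
"""
import hashlib
import math
import re
import secrets
from collections import Counter

# Candidate tokens: long runs of characters typical of API keys.
TOKEN_RE = re.compile(r"[A-Za-z0-9_\-]{20,}")
# Ordinary words and identifiers fall well below this; keys sit above it.
MIN_ENTROPY_BITS_PER_CHAR = 3.0

# Constructed sample secrets the company wants watched (not real keys).
COMPANY_SECRETS = [
    "sk_test_4eC39HqLyjWDarjtT1zdp7dc",
    "AKIAEXAMPLEKEY0123456789",
]

# Constructed sample of committed content the scanner would see.
SAMPLE_CONTENT = """\
# deploy.cfg (constructed sample commit content)
api_key = sk_test_4eC39HqLyjWDarjtT1zdp7dc
password_hint = aaaaaaaaaaaaaaaaaaaaaaaaaa
other_key = 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character, used to skip low-entropy tokens."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def fingerprint(secret: str, salt: bytes) -> str:
    """Salted SHA-256 hex digest. The salt is shared with the scanner,
    so it does not hide the secret; it only stops a leaked fingerprint
    list being compared against precomputed hashes of common keys."""
    return hashlib.sha256(salt + secret.encode("utf-8")).hexdigest()


def build_registry(plaintext_secrets, salt: bytes = None) -> dict:
    """Company side: the only thing sent to the monitoring service."""
    salt = salt or secrets.token_bytes(16)
    return {
        "salt": salt,
        "fingerprints": {fingerprint(s, salt) for s in plaintext_secrets},
    }


def scan_content(content: str, registry: dict) -> list:
    """Monitoring side: return (line_no, fingerprint) for every token in
    `content` whose salted fingerprint is registered. Only digests are
    compared; plaintext secrets never leave the company."""
    hits = []
    for line_no, line in enumerate(content.splitlines(), start=1):
        for token in TOKEN_RE.findall(line):
            if shannon_entropy(token) < MIN_ENTROPY_BITS_PER_CHAR:
                continue  # looks like a word or padding, not a key
            fp = fingerprint(token, registry["salt"])
            if fp in registry["fingerprints"]:
                hits.append((line_no, fp))
    return hits


if __name__ == "__main__":
    registry = build_registry(COMPANY_SECRETS)
    for line_no, fp in scan_content(SAMPLE_CONTENT, registry):
        # A real service would notify the company here, sending only the
        # fingerprint and location, never the matched plaintext.
        print(f"line {line_no}: registered secret fingerprint {fp[:16]}... leaked")
```

The entropy filter is what keeps the scheme cheap: only key-shaped tokens are hashed. The caveat a practitioner would raise is that whoever holds the registry can brute-force any low-entropy entry offline, so only long, random keys should ever be registered, and the salt still has to travel to the scanner, which is why it is a dictionary defence rather than a secrecy mechanism.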



GitHub already has a system to invalidate tokens without storing any hashes themselves: https://docs.github.com/en/code-security/secret-scanning/sec...


Yes. This is dependent on some kind of agreement or understanding between SaaS provider and GitHub.

I'm thinking of a generic approach which is independent of where you got the secret key and its format.


The same system can be applied with the repo owner being the pattern provider and getting notified of matches, but if I had to guess, only enterprise customers might get a feature like this.



