For more than four decades, organizations worldwide have faced the persistent challenge of mishandling secrets, leading to unintentional exposure of passwords, tokens, authentication cookies, and API keys. The mishandling of these credentials can open the door for malicious actors to gain access to restricted data and systems. This issue, commonly known as “secret leakage”, has consistently posed security risks, leaving companies of all sizes across various industries vulnerable to unauthorized access to data and intellectual property.
To address this growing concern, Adobe has launched Project Redact, an initiative focused on proactively educating developers about secure coding best practices and implementing specific guardrails to help guard secrets and prevent sensitive data exposure. Project Redact utilizes automation tools to detect and mitigate instances where sensitive information might unintentionally surface in logs or developer workflows.
In this blog, I will highlight common developer mistakes that can lead to breaches and discuss how organizations can implement thoughtful security guardrails to help enforce best practices that keep sensitive information from falling into the wrong hands.
Common Pitfalls to Avoid
Most often, secret leakage stems from misconfigurations, human error, or failure to follow security policies, with developers inadvertently hard-coding secrets into public repositories or insecure solutions. To protect sensitive information, developers need to be aware of the most common mistakes that lead to secret leakage. By recognizing these risks, they can avoid exposing passwords, tokens, and other credentials to unauthorized parties.
Key areas to watch out for include:
- Embedding Secrets in Code: Avoid hard-coding plain-text passwords or API keys directly into application source code when provisioning cloud services. Instead, rely on centralized secrets management solutions that store and handle secrets securely, helping to ensure that secrets are not accidentally committed to public repositories.
- Misusing Secrets Management Solutions: Even when using a centralized secrets management system, developers should ensure proper configuration and permissions. Be cautious of exposing secrets in plain text during debugging, such as printing sensitive information to logs.
- Exposing Secrets in Command Line Arguments: When working in production environments, avoid passing sensitive data such as passwords or API keys directly as command-line arguments. Endpoint Detection and Response (EDR) tools may record these commands without masking the data, unintentionally exposing the secrets.
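As an added example of the command-line pitfall above (this is not code from the original post or from Project Redact), the following Python script contrasts a command line that carries a credential in argv with the safer pattern of handing the secret to the child process over stdin. The child program, the token value and the `--token` flag name are constructed for illustration.

```python
"""Passing a secret to a child process without placing it on the command line.

Added example, not code from the original post. Command-line arguments are
visible to any process-listing tool and are recorded verbatim by endpoint
monitoring agents, so the secret is delivered over the child's stdin instead.
"""
import hashlib
import subprocess
import sys

# Constructed child program: reads the secret from stdin and proves receipt by
# printing a SHA-256 digest of it rather than echoing the secret itself.
CHILD_PROGRAM = (
    "import sys, hashlib\n"
    "secret = sys.stdin.read().rstrip('\\n')\n"
    "print(hashlib.sha256(secret.encode()).hexdigest())\n"
)


def argv_with_secret(secret: str) -> list:
    """The pitfall: builds (but does not run) a command line that embeds the secret.

    Everything in this list is what a process listing or EDR agent would record.
    The '--token' flag is a constructed name for illustration.
    """
    return [sys.executable, "-c", "pass", "--token", secret]


def argv_without_secret() -> list:
    """The safer command line: argv contains only the interpreter and the program text."""
    return [sys.executable, "-c", CHILD_PROGRAM]


def run_with_secret_on_stdin(secret: str) -> str:
    """Run the child with the secret written to its stdin; return the digest it prints."""
    result = subprocess.run(
        argv_without_secret(),
        input=secret + "\n",      # the secret never appears in argv
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout.strip()


def expected_digest(secret: str) -> str:
    """Digest the child is expected to print if it received the secret intact."""
    return hashlib.sha256(secret.encode()).hexdigest()


if __name__ == "__main__":
    demo_secret = "example-token-not-real"   # constructed value
    print("argv that leaks :", argv_with_secret(demo_secret))
    print("argv that doesn't:", argv_without_secret())
    print("child received it:", run_with_secret_on_stdin(demo_secret) == expected_digest(demo_secret))
```

The same idea applies to shell tooling: prefer `--password-stdin`-style options or credential files with restrictive permissions over flags that take the value inline.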
While the accidental leakage of secrets may occur, there are steps organizations can and should take to identify and eliminate these risks before they turn into security vulnerabilities.
Security Guardrails and Best Practices for Developers
Project Redact offers a comprehensive solution to prevent the mishandling of secrets across product and development teams by establishing robust security guardrails. These guardrails, grounded in multiple industry best practices, empower our engineers to follow secure coding practices, proactively preventing errors that could result in the leakage of sensitive information.
Key safeguards include:
- Secret Management Solutions: Developers are required to use centralized, distributed secret management systems instead of embedding secrets in user data or CloudFormation templates. This ensures regular auditing of roles and logs.
- Access Limitations: Direct access to secrets managers and logs is restricted to authorized team members only, helping ensure tighter control over sensitive information.
- Multi-Factor Authentication Solutions: Access to secrets managers requires multi-factor authentication (MFA) with strict controls in place, adding an additional layer of security.
- Avoid Environment Variables: Our policies prohibit developers from storing secrets in environment variables, helping reduce potential exposure.
- Source Code Scanning: Our CI/CD pipelines include automated source-code scanning capabilities to help product teams identify and remediate vulnerabilities before deployment at scale.
- Data Lake Solutions: To prevent secret information from reaching data stores, we leverage a data lake solution optimized for batch data ingestion. A redaction layer is applied on top of this data lake, which removes or masks sensitive data by using advanced techniques such as regular expressions (regex), pattern matching, name matching, and other contextual filters.
- Splunk-Based Searches: To detect and mitigate the risk of sensitive information exposure — such as passwords, usernames, tokens, and cookies — left unmasked in memory by EDR solutions, we implement Splunk-based search queries. These searches are designed to identify secret leakage using regex and pattern matching, and they can be customized to incorporate an organization’s unique use cases.
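The redaction layer and the detection searches described above both come down to regex and contextual matching over text. The following Python example (added here; it is not Project Redact code and not Adobe's actual rule set) serves both the log-debugging pitfall from the first section and the redaction and detection safeguards above: one rule table drives a `scan` function that reports which lines carry a leaked credential, a `redact` function that masks only the secret value while keeping the surrounding context searchable, and a `logging.Filter` that applies the same masking before a record reaches any handler. The rule patterns and the sample log lines are constructed for illustration; a real deployment tunes the patterns to its own token formats.

```python
"""Detecting and redacting secrets in log text with regex and contextual rules.

Added example, not Project Redact code. The rules below are illustrative
assumptions, not a production rule set.
"""
import io
import logging
import re
from typing import Iterable, List, Tuple

MASK = "[REDACTED]"

# Each rule: (name, compiled regex, index of the group holding the secret value).
# Only that group is masked, so the key or header name survives for searching.
RULES = [
    # key=value style: password=..., api_key: ..., token="..."
    ("kv_secret",
     re.compile(r"(?i)\b(password|passwd|pwd|secret|api[_-]?key|token)\b\s*[=:]\s*['\"]?([^\s'\",;]+)"), 2),
    # HTTP Authorization header carrying a bearer or basic credential
    ("auth_header",
     re.compile(r"(?i)\b(authorization)\s*:\s*(bearer|basic)\s+([A-Za-z0-9\-._~+/]+=*)"), 3),
    # Cookie / Set-Cookie header values: session cookies are credentials too
    ("cookie_header",
     re.compile(r"(?i)\b(set-cookie|cookie)\s*:\s*([^\r\n]+)"), 2),
    # AWS-style access key id: fixed prefix followed by 16 uppercase alphanumerics
    ("aws_access_key_id",
     re.compile(r"\b(AKIA[0-9A-Z]{16})\b"), 1),
]


def _mask_group(match: "re.Match", group: int) -> str:
    """Replace one capture group inside the full match, leaving the rest intact."""
    whole = match.group(0)
    start = match.start(group) - match.start(0)
    end = match.end(group) - match.start(0)
    return whole[:start] + MASK + whole[end:]


def redact(line: str) -> str:
    """Return the line with every matched secret value replaced by MASK."""
    for _name, pattern, group in RULES:
        line = pattern.sub(lambda m, g=group: _mask_group(m, g), line)
    return line


def scan(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Detection side: (1-based line number, rule name) for every rule that fires."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for name, pattern, _group in RULES:
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


class RedactingFilter(logging.Filter):
    """Mask secrets in a record before any handler formats or ships it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())   # format args first, then mask
        record.args = ()
        return True


def log_with_redaction(message: str, *args) -> str:
    """Emit one record through a logger fitted with RedactingFilter; return the text written."""
    buf = io.StringIO()
    logger = logging.getLogger("redact-demo")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(RedactingFilter())
    logger.debug(message, *args)
    return buf.getvalue().strip()


# Constructed sample log lines; none of these values are real credentials.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z INFO user=alice login ok",
    "2024-05-01T10:00:01Z DEBUG db connect password=Tr0ub4dor&3 host=db1",
    "2024-05-01T10:00:02Z DEBUG outbound Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc",
    "2024-05-01T10:00:03Z DEBUG aws creds AKIA000000000EXAMPLE loaded",
    "2024-05-01T10:00:04Z INFO Set-Cookie: session=9f8e7d6c; HttpOnly",
]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("finding:", finding)
    for line in SAMPLE_LOG:
        print(redact(line))
    print(log_with_redaction("connect password=%s", "hunter2"))
```

Running the script lists one finding for each of the four sensitive lines and prints each line with only the credential value masked. Because the filter sits on the logger rather than a handler, every handler attached later inherits the masking, which is the property a redaction layer in front of a data lake needs.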
By adhering to the guardrails above, product teams can help reduce the risk of exposing secrets that could potentially lead to security vulnerabilities. This not only helps strengthen Adobe’s overall security posture but also enables our developers to develop and deploy with confidence.
Cost of Leaks Is No Secret
It is no secret that data breaches resulting from secret leakage can be detrimental to organizations, leading to substantial financial losses, compromised intellectual property, legal ramifications, and reputational damage. It is therefore imperative to protect the sensitive information used to access your organization’s systems and resources by integrating proactive industry-standard guardrails into development workflows.
Moreover, it’s important to recognize that protecting secrets is a shared responsibility among all individuals with access to sensitive data. For prevention measures to be truly effective, they must be adopted universally across the organization.