Context and Problem An AWS EKS Cluster was attacked, and its secrets were compromised. The Kubernetes Secrets were not encrypted, anyone who works with Kubernetes know they are only base64-encoded by default . Task I had a mission to scan 115 repositories across GitHub and Azure DevOps for secrets exposed anywhere in the Git history. The goal was simple: identify exposed secrets and provide actionable reports for the engineering team to fix them. A colleague recommended a tool called TruffleHog , which became the foundation of the workflow. TruffleHog "TruffleHog is a secrets scanning tool that digs deep into your code repositories to find secrets, passwords, and sensitive keys." — TruffleHog official website My Workflow Read the TruffleHog documentation; Ran a test in a personal GitHub repository to see how the tool works; Check the total amount of repositories to scan, 115; Designed how I was going to complete the Task: - Decided to automate the process using Bash and jq.…