Diffstat (limited to 'doc/user/application_security/secret_detection/index.md')
-rw-r--r-- doc/user/application_security/secret_detection/index.md | 11
1 files changed, 6 insertions, 5 deletions
diff --git a/doc/user/application_security/secret_detection/index.md b/doc/user/application_security/secret_detection/index.md
index 3155114d98a..bb4fa7f914c 100644
--- a/doc/user/application_security/secret_detection/index.md
+++ b/doc/user/application_security/secret_detection/index.md
@@ -195,12 +195,13 @@ Pipelines now include a Secret Detection job.
## Responding to a leaked secret
-Secrets detected by the analyzer should be immediately rotated.
-[Purging a file from the repository's history](../../project/repository/reducing_the_repo_size_using_git.md#purge-files-from-repository-history)
-may not be effective in removing all references to the file. Additionally, the secret will remain in any existing
-forks or clones of the repository.
+When a secret is detected, you should rotate it immediately. GitLab attempts to
+[automatically revoke](post_processing.md) some types of leaked secrets. For those that are not
+automatically revoked, you must do so manually.
-GitLab will attempt to [automatically revoke](post_processing.md) some types of leaked secrets.
+[Purging a secret from the repository's history](../../project/repository/reducing_the_repo_size_using_git.md#purge-files-from-repository-history)
+does not fully address the leak. The original secret remains in any existing forks or
+clones of the repository.
## Pinning to specific analyzer version
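Review bot: In the first added paragraph, "you must do so manually" has an unclear antecedent. The paragraph opens with "rotate it immediately" and then switches to "automatically revoke", so a reader cannot tell whether the manual step is revoking, rotating, or both, or whether a secret that GitLab revoked automatically still needs a replacement issued. Suggest naming the action, for example "you must revoke them manually", and stating whether rotation is still required after automatic revocation. In the second added paragraph, "does not fully address the leak" drops the reason the removed text gave (purging "may not be effective in removing all references to the file"); consider keeping that reason next to the forks-and-clones sentence so the reader sees why purging alone is insufficient.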