Do you know where your secrets are? Do you know what Uber, CircleCI, and Toyota all have in common? They had hardcoded credentials in plaintext somewhere in their environments, leading to either a public leak or enabling an attacker to expand their footprint during a breach. Understanding the problem with hardcoding secrets is simple, but how widespread is this problem? How fast is it growing? How does it keep happening? Moreover, what can you do to address it?