I’ve put in some effort in recent months to remove secrets from multiple legacy code bases. That was the easy part; the tough part is to change the culture to prevent new secrets from leaking into the codebase in the future.

Luckily there are tools to help out with that: Gitleaks was a cool find. It helps you find secrets before you commit them, using a set of regular expressions that you can also extend.

You can plug it into your pipelines when validating a PR (in my case Azure and GitHub) or, even better, as a pre-commit git hook.

After that you don’t need to worry about any secrets in your source code.
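To show what extending the regular expressions looks like, here is an added example of a `.gitleaks.toml` at the repository root (not from the original post). The `acme_` token format, the rule ids and the `testdata/` path are constructed for illustration; the keys follow the Gitleaks v8 configuration format.

```toml
# .gitleaks.toml (added example; rule ids, formats and paths are constructed)
title = "team gitleaks config"

[extend]
# Keep the built-in rule set and add to it instead of replacing it.
useDefault = true

# Hypothetical internal token format: "acme_" followed by 32 hex characters.
[[rules]]
id = "acme-internal-api-token"
description = "ACME internal API token (constructed format)"
regex = '''\bacme_[0-9a-f]{32}\b'''
# Keywords are a cheap pre-filter: the regex only runs on content
# that contains one of them.
keywords = ["acme_"]

# Typical legacy finding: a password assigned inside a connection string.
[[rules]]
id = "connection-string-password"
description = "Password embedded in a connection string"
regex = '''(?i)\bpassword\s*=\s*([^;\s'"]{8,})'''
# Report only capture group 1 (the value) as the secret.
secretGroup = 1
keywords = ["password"]

# Findings that match the allowlist are ignored by every rule.
[allowlist]
description = "Fixture directory and obvious placeholder values"
paths = ['''(^|/)testdata/''']
regexes = ['''(?i)changeme|example|placeholder''']
```

The same file is used whether Gitleaks runs in the PR pipeline or in the pre-commit hook, so both checks enforce identical rules.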