What mechanisms would you use to prevent developers from committing hardcoded secrets into a Git repository at Global Payment Holding?