cloud-security
Safeguard articles tagged "cloud-security" — guides, analysis, and best practices for software supply chain and application security.
290 articles
Designing least-privilege custom roles with Azure RBAC
A practical guide to designing least-privilege custom roles in Azure RBAC, covering over-permissioning pitfalls, scoping, and audit strategies.
Choosing between Key Vault access policies and RBAC permi...
Access policies or RBAC? A concrete breakdown of Azure Key Vault's two permission models, when each still makes sense, and how to migrate safely.
Best practices for using Azure Managed Identity instead o...
A step-by-step guide to Azure Managed Identity best practices: system vs user assigned identities, least-privilege roles, and secretless authentication.
Configuring soft delete and purge protection for Azure Ke...
A step-by-step guide to enabling Key Vault soft delete and purge protection, recovering deleted secrets, and applying backup practices to prevent permanent data loss.
Using Privileged Identity Management for just-in-time Azu...
A practical guide to using Azure conditional access PIM for just-in-time role activation, reducing standing privileges and strengthening least-privilege access.
Preventing and detecting Azure service principal credenti...
How Azure service principal secrets leak through repos, pipelines, and IaC state files — and the detection, scoping, and rotation practices that stop a leak from becoming a breach.
Security best practices for Azure Container Apps and secr...
A step-by-step guide to Azure Container Apps security best practices: managed identity, Key Vault-backed secrets, network ingress, and supply chain hardening.
Hardening Google Kubernetes Engine clusters against attacks
A step-by-step guide to GKE security best practices: private clusters, Workload Identity, Shielded Nodes, Binary Authorization, and verification checks for real audits.
Using GCP Workload Identity Federation for keyless CI/CD ...
GCP Workload Identity Federation lets CI/CD pipelines authenticate with short-lived tokens instead of service account keys. Here's how it works and how to migrate.
Automating secret rotation in Google Cloud Secret Manager
A practical guide to automating GCP Secret Manager rotation—covering versioning, Cloud Functions, Cloud Scheduler, and rotating database credentials safely.
Applying least-privilege principles to GCP IAM roles
Predefined roles, custom roles, IAM Recommender, and service account hygiene: a practical guide to applying GCP IAM least privilege without breaking production.
Managing and securing GCP service account keys
A practical, step-by-step guide to GCP service account key security: disable key creation, adopt impersonation, rotate remaining keys, and monitor for misuse.