Safeguard
Tag

credential-rotation

Safeguard articles tagged "credential-rotation" — guides, analysis, and best practices for software supply chain and application security.

9 articles

DevSecOps

Credential rotation playbook after npm worm exposure

A step-by-step rotation runbook for security teams exposed to the Shai-Hulud npm worm — what to revoke first, how to verify a credential is dead, and how to prevent a repeat.

Jul 9, 20266 min read
Supply Chain Attacks

The npm worm incident response playbook

Shai-Hulud compromised 500+ npm packages by auto-publishing itself with stolen tokens. Here's a concrete detection, rotation, and pinning playbook.

Jul 9, 20265 min read
Supply Chain Attacks

Anatomy of a self-propagating npm worm

In September 2025, one phished maintainer account led to malicious chalk and debug releases hitting over 2B weekly downloads within two hours.

Jul 8, 20267 min read
Best Practices

The complete workflow for finding and remediating hardcoded secrets in GitHub

GitGuardian found 12.8 million secrets leaked on public GitHub in 2023 alone, and over 90% were still valid five days later. Here's the fix workflow that actually closes the gap.

Jul 8, 20268 min read
Security Guides

How to Rotate Leaked API Keys (2026 Playbook)

A leaked API key is a live credential until you kill it. Here is a provider-agnostic rotation playbook — grounded in the Toyota T-Connect and CircleCI incidents — that revokes access without breaking production.

Jul 1, 20267 min read
Guides

How to Rotate Leaked CI Secrets Without Downtime

A leaked CI credential does not have to mean an outage. The dual-credential pattern: issue new alongside old, cut over, verify with usage logs, then revoke — plus what to do after.

Mar 13, 20266 min read
Best Practices

What is Credential Rotation

Credential rotation limits how long a leaked API key, password, or token stays valid. Here's how it works, how often to do it, and why automation matters.

Jan 26, 20266 min read
Cloud Security

Cloudflare R2 March 21, 2025 Outage: A Credential Rotation Postmortem

A missing --env flag during a Wrangler secret rotation took R2 writes to zero for 67 minutes. Here is the failure mode and the deployment guardrails that should have caught it.

Mar 26, 20257 min read
Security Operations

API Key Rotation Automation: A Practical Implementation Guide

Manual key rotation does not happen. Automated rotation does. Here is how to implement zero-downtime API key rotation for the services and credentials that matter most.

Nov 15, 20236 min read
credential-rotation — Safeguard Blog