credential-rotation
Safeguard articles tagged "credential-rotation" — guides, analysis, and best practices for software supply chain and application security.
9 articles
Credential rotation playbook after npm worm exposure
A step-by-step rotation runbook for security teams exposed to the Shai-Hulud npm worm — what to revoke first, how to verify a credential is dead, and how to prevent a repeat.
The npm worm incident response playbook
Shai-Hulud compromised 500+ npm packages by auto-publishing itself with stolen tokens. Here's a concrete detection, rotation, and pinning playbook.
Anatomy of a self-propagating npm worm
In September 2025, one phished maintainer account led to malicious chalk and debug releases hitting over 2B weekly downloads within two hours.
The complete workflow for finding and remediating hardcoded secrets in GitHub
GitGuardian found 12.8 million secrets leaked on public GitHub in 2023 alone, and over 90% were still valid five days later. Here's the fix workflow that actually closes the gap.
How to Rotate Leaked API Keys (2026 Playbook)
A leaked API key is a live credential until you kill it. Here is a provider-agnostic rotation playbook — grounded in the Toyota T-Connect and CircleCI incidents — that revokes access without breaking production.
How to Rotate Leaked CI Secrets Without Downtime
A leaked CI credential does not have to mean an outage. The dual-credential pattern: issue new alongside old, cut over, verify with usage logs, then revoke — plus what to do after.
What is Credential Rotation
Credential rotation limits how long a leaked API key, password, or token stays valid. Here's how it works, how often to do it, and why automation matters.
Cloudflare R2 March 21, 2025 Outage: A Credential Rotation Postmortem
A missing --env flag during a Wrangler secret rotation took R2 writes to zero for 67 minutes. Here is the failure mode and the deployment guardrails that should have caught it.
API Key Rotation Automation: A Practical Implementation Guide
Manual key rotation does not happen. Automated rotation does. Here is how to implement zero-downtime API key rotation for the services and credentials that matter most.