credential-security
Safeguard articles tagged "credential-security" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Secrets management: tools and best practices
Secrets leak because of workflow gaps, not carelessness. Here's how vaults, scanners, and rotation policies actually stop credential exposure.
Preventing and detecting Azure service principal credenti...
How Azure service principal secrets leak through repos, pipelines, and IaC state files — and the detection, scoping, and rotation practices that stop a leak from becoming a breach.
Personal Access Token Security Best Practices
Leaked personal access tokens have driven major supply chain breaches. Here's why PATs are risky, real incidents, and how scoping, rotation, and detection fix it.
PyPI API Token Scopes: An Audit Guide
PyPI API tokens look simple, but how you scope them decides whether a leaked CI secret is a bad day or an ecosystem event. A practical audit guide for security teams.
AT&T Data Breach: 73 Million Customer Records Surface on the Dark Web
In March 2024, AT&T confirmed that a dataset containing personal information of approximately 73 million current and former customers, including encrypted passcodes, had been published on the dark web, three years after its initial appearance.