Safeguard
Tag

encryption

Safeguard articles tagged "encryption" — guides, analysis, and best practices for software supply chain and application security.

24 articles

Container Security

How to encrypt Kubernetes secrets at rest

A step-by-step guide to encrypting Kubernetes secrets at rest: choosing a KMS provider, configuring etcd encryption, re-encrypting existing secrets, and verifying it worked.

Feb 17, 20268 min read
Infrastructure Security

How to encrypt a Terraform state file

A step-by-step guide to encrypting a Terraform state file using an S3 backend, KMS keys, and IAM controls to keep infrastructure secrets safe.

Feb 13, 20267 min read
Cloud Security

Configuring automatic key rotation in AWS KMS

A practical, step-by-step guide to configuring AWS KMS key rotation for customer managed keys, including custom rotation periods, multi-Region keys, and monitoring.

Jan 18, 20268 min read
Cloud Security

Best practices for managing encryption keys with Google C...

A step-by-step guide to Cloud KMS best practices: key hierarchy, IAM scoping, envelope encryption, automated rotation, HSM protection levels, and audit logging.

Jan 11, 20268 min read
Concepts

What Is End-to-End Encryption? Privacy From Sender to Recipient

End-to-end encryption keeps data readable only by the sender and intended recipient, so not even the service carrying the message can see its contents.

Apr 9, 20256 min read
Concepts

What Is TLS? Transport Layer Security Explained

TLS is the protocol that encrypts data in transit across the internet, turning the padlock in your browser into real protection against eavesdropping and tampering.

Jan 28, 20256 min read
Security Concepts

Symmetric vs Asymmetric Encryption, Explained

What makes an encryption algorithm symmetric is a single shared key for both encryption and decryption; asymmetric algorithms use a mathematically linked public/private key pair instead — and the difference decides which one you should reach for.

Mar 19, 20246 min read
Container Security

Kubernetes Secrets Encryption Providers Reviewed

etcd encryption at rest finally works out of the box. The question is which provider you use, and the trade-offs have sharpened in 2024.

Mar 5, 20248 min read
Application Security

Sensitive Data Exposure Prevention: Protecting Data at Rest, in Transit, and in Use

Data exposure is not just about encryption. It is about knowing where your sensitive data lives, how it moves, and who can access it at every stage.

Jan 15, 20236 min read
Supply Chain Attacks

LastPass Second Breach: Encrypted Vaults Stolen Using Data from First Attack

LastPass revealed that the August breach enabled a second attack that exfiltrated encrypted customer vaults. The full scope of the damage was devastating.

Nov 22, 20226 min read
Application Security

TLS Configuration Security Audit: What to Check and How

A misconfigured TLS setup can be worse than no encryption at all because it creates false confidence. Here is how to audit your TLS configuration properly.

Jun 8, 20224 min read
Privacy & Security

Apple's iCloud CSAM Scanning Controversy: Privacy vs. Security at Scale

Apple's 2021 announcement of on-device CSAM scanning ignited a fierce debate about surveillance, encryption, and the boundaries of technology companies' responsibility — leading Apple to ultimately abandon the plan.

Sep 22, 20216 min read
encryption (Page 2) — Safeguard Blog