encryption
Safeguard articles tagged "encryption" — guides, analysis, and best practices for software supply chain and application security.
24 articles
How to encrypt Kubernetes secrets at rest
A step-by-step guide to encrypting Kubernetes secrets at rest: choosing a KMS provider, configuring etcd encryption, re-encrypting existing secrets, and verifying it worked.
How to encrypt a Terraform state file
A step-by-step guide to encrypting a Terraform state file using an S3 backend, KMS keys, and IAM controls to keep infrastructure secrets safe.
Configuring automatic key rotation in AWS KMS
A practical, step-by-step guide to configuring AWS KMS key rotation for customer managed keys, including custom rotation periods, multi-Region keys, and monitoring.
Best practices for managing encryption keys with Google C...
A step-by-step guide to Cloud KMS best practices: key hierarchy, IAM scoping, envelope encryption, automated rotation, HSM protection levels, and audit logging.
What Is End-to-End Encryption? Privacy From Sender to Recipient
End-to-end encryption keeps data readable only by the sender and intended recipient, so not even the service carrying the message can see its contents.
What Is TLS? Transport Layer Security Explained
TLS is the protocol that encrypts data in transit across the internet, turning the padlock in your browser into real protection against eavesdropping and tampering.
Symmetric vs Asymmetric Encryption, Explained
What makes an encryption algorithm symmetric is a single shared key for both encryption and decryption; asymmetric algorithms use a mathematically linked public/private key pair instead — and the difference decides which one you should reach for.
Kubernetes Secrets Encryption Providers Reviewed
etcd encryption at rest finally works out of the box. The question is which provider you use, and the trade-offs have sharpened in 2024.
Sensitive Data Exposure Prevention: Protecting Data at Rest, in Transit, and in Use
Data exposure is not just about encryption. It is about knowing where your sensitive data lives, how it moves, and who can access it at every stage.
LastPass Second Breach: Encrypted Vaults Stolen Using Data from First Attack
LastPass revealed that the August breach enabled a second attack that exfiltrated encrypted customer vaults. The full scope of the damage was devastating.
TLS Configuration Security Audit: What to Check and How
A misconfigured TLS setup can be worse than no encryption at all because it creates false confidence. Here is how to audit your TLS configuration properly.
Apple's iCloud CSAM Scanning Controversy: Privacy vs. Security at Scale
Apple's 2021 announcement of on-device CSAM scanning ignited a fierce debate about surveillance, encryption, and the boundaries of technology companies' responsibility — leading Apple to ultimately abandon the plan.