key-management
Safeguard articles tagged "key-management" — guides, analysis, and best practices for software supply chain and application security.
10 articles
Getting AES right in Java: JCA/JCE mistakes that break your encryption
Call `Cipher.getInstance("AES")` in Java and you silently get ECB mode — no warning, no error, just plaintext patterns leaking through.
Symmetric vs Asymmetric Encryption in Python: A Practical Guide
One key or two? A working comparison of Fernet and RSA in Python's cryptography library — with the OAEP-vs-PKCS1v15 mistake that still causes padding-oracle bugs.
OWASP A02: Cryptographic Failures — A Deep-Dive Guide
Cryptographic Failures rank #2 in the OWASP Top 10 (2021). A deep dive into weak algorithms, key management, real CVEs, and how to detect and fix them in 2026.
Hardware Security Module (HSM)
What is an HSM? Learn how hardware security modules store signing keys, how HSM vs KMS differs, and why FIPS 140-2 HSMs protect code-signing keys.
How to rotate SSH keys safely
A step-by-step guide to rotating SSH keys without downtime: inventory existing keys, generate new pairs, cut over safely, revoke old keys, and verify nothing was missed.
Best practices for managing encryption keys with Google C...
A step-by-step guide to Cloud KMS best practices: key hierarchy, IAM scoping, envelope encryption, automated rotation, HSM protection levels, and audit logging.
Encryption Services: Managed vs Self-Hosted
Choosing between a managed key management service and a self-hosted encryption stack comes down to who you trust to hold the keys and who you trust to patch the software.
What Is Key Management? Protecting the Keys That Protect Everything
Key management is the discipline of generating, storing, rotating, and retiring cryptographic keys safely. Strong encryption is only as good as the way its keys are handled.
SSH Key Management for Organizations: Beyond the Basics
SSH keys provide access to your most critical infrastructure. Most organizations manage them poorly. Here is how to do it right.
GitHub RSA SSH Key Rotation Incident: Why It Mattered
GitHub rotated its RSA SSH host key after accidental exposure. A small mistake with major supply chain implications for every Git-based workflow.