Safeguard
Tag

secrets-management

Safeguard articles tagged "secrets-management" — guides, analysis, and best practices for software supply chain and application security.

90 articles

Concepts

What Is Secrets Management?

Secrets management is the practice of securely storing, distributing, rotating, and auditing the credentials your software needs to run. Here's how it works, why leaked secrets are a top breach vector, and how to get it right in 2026.

Jul 1, 20267 min read
Container Security

Securing Kubernetes Secrets management

Base64 isn't encryption. Here's how Kubernetes Secrets actually get exposed, and the encryption, RBAC, and rotation controls that fix it.

Jun 25, 20266 min read
Container Security

Keeping Docker secrets secure without Kubernetes

Docker ships with tmpfs-backed Swarm secrets, BuildKit secret mounts, and Compose file secrets — here's how to use them without Kubernetes.

Jun 24, 20268 min read
Infrastructure Security

Managing Terraform state file security risks

Terraform state files store database passwords, IAM keys, and private keys in plaintext. Here's how they leak, why encryption alone won't save you, and how to lock them down.

Jun 19, 20267 min read
Infrastructure Security

Ansible playbook security scanning

Hardcoded secrets, unrestricted become, and injection-prone shell tasks turn Ansible playbooks into a single point of compromise across every host they touch.

Jun 17, 20267 min read
DevSecOps

Azure DevOps pipeline security best practices

A practical guide to the six Azure DevOps pipeline settings attackers exploit most, with exact controls to fix fork triggers, secrets, and agents.

Jun 16, 20267 min read
Application Security

Why LLM API keys should be treated as tier-zero secrets

A leaked LLM API key is a blank check and a data pipe in one credential. Here's why it demands tier-zero controls—and why tools like Black Duck never see it.

Jun 12, 20268 min read
Application Security

10 Spring Boot security best practices

Ten concrete Spring Boot security practices, with real CVEs, config flags, and file paths, to close the gaps attackers actually exploit.

May 25, 20267 min read
DevSecOps

8 tips for securing your CI/CD pipeline

Real incidents like tj-actions and xz-utils show how CI/CD pipelines get compromised. Eight concrete, actionable tips to lock yours down.

May 18, 20266 min read
Application Security

Secrets management: tools and best practices

Secrets leak because of workflow gaps, not carelessness. Here's how vaults, scanners, and rotation policies actually stop credential exposure.

May 16, 20267 min read
Application Security

Finding and fixing exposed hardcoded secrets in GitHub projects

Hardcoded secrets leak into GitHub every day and get exploited within minutes. Here's how to find, fix, and prevent exposed credentials at scale.

May 16, 20266 min read
AI Security

Keeping secrets out of agent context windows: brokers, scoped tokens, and redaction

Every secret that touches an agent's context window is a secret the agent can leak. Just-in-time credential brokers, scoped-token issuance, and redaction layers keep the surface small without breaking the agent's ability to do real work.

May 15, 20268 min read
secrets-management (Page 4) — Safeguard Blog