Safeguard
Tag

secrets-management

Safeguard articles tagged "secrets-management" — guides, analysis, and best practices for software supply chain and application security.

90 articles

Container Security

Kubernetes Secrets

Kubernetes Secrets are base64, not encrypted, by default. Here is how they actually leak, why scanners like Aqua fall short, and how to fix it.

Apr 15, 20268 min read
Container Security

How to secure Kubernetes secrets and sensitive data

Kubernetes secrets are base64, not encrypted, by default. Here's how they actually leak, where Prisma Cloud's CNAPP approach falls short, and how to fix rotation, RBAC, and encryption gaps.

Apr 9, 20267 min read
Vulnerability Analysis

What Are Hardcoded Credentials

Hardcoded credentials are secrets baked into code instead of a vault. Toyota, Uber, and Samsung breaches show why that risk never expires on its own.

Mar 23, 20268 min read
Vulnerability Analysis

What is Sensitive Data Exposure

Sensitive data exposure covers everything from unencrypted databases to hardcoded secrets. Learn what causes it, real breach examples, and how to detect it early.

Mar 23, 20267 min read
Guides

How to Rotate Leaked CI Secrets Without Downtime

A leaked CI credential does not have to mean an outage. The dual-credential pattern: issue new alongside old, cut over, verify with usage logs, then revoke — plus what to do after.

Mar 13, 20266 min read
Application Security

OAuth vs API Keys

OAuth and API keys aren't interchangeable: one is a static, long-lived credential, the other a scoped, expiring token. Here's how to choose, backed by real breaches.

Mar 8, 20267 min read
DevSecOps

Secrets sprawl

What is secrets sprawl? A plain-English breakdown of how API keys and credentials scatter across codebases, and what to do about it.

Feb 24, 20267 min read
Cryptography

How to set up HashiCorp Vault for secrets management

A step-by-step guide to set up HashiCorp Vault for secrets management, covering installation, dynamic secrets, Kubernetes integration, and verification steps.

Feb 20, 20267 min read
Container Security

How to encrypt Kubernetes secrets at rest

A step-by-step guide to encrypting Kubernetes secrets at rest: choosing a KMS provider, configuring etcd encryption, re-encrypting existing secrets, and verifying it worked.

Feb 17, 20268 min read
Vulnerability Analysis

The Codecov Supply Chain Attack Explained

A breakdown of the 2021 Codecov breach: how the Bash Uploader was compromised, what CI secrets were exposed, and the remediation steps teams need now.

Feb 10, 20268 min read
Best Practices

What is Credential Rotation

Credential rotation limits how long a leaked API key, password, or token stays valid. Here's how it works, how often to do it, and why automation matters.

Jan 26, 20266 min read
DevSecOps

What is a CI/CD Secrets Leak

A CI/CD secrets leak exposes real credentials through build logs, forks, or compromised Actions. Here's how it happens and how to stop it.

Jan 20, 20267 min read
secrets-management (Page 5) — Safeguard Blog