Safeguard
Tag

secrets-management

Safeguard articles tagged "secrets-management" — guides, analysis, and best practices for software supply chain and application security.

90 articles

Cloud Security

Best practices for rotating secrets stored in Azure Key V...

A practical, step-by-step guide to Azure Key Vault secret rotation best practices, covering rotation policies, automation, and expiration alerts.

Jan 17, 20269 min read
Cloud Security

Best practices for using Azure Managed Identity instead o...

A step-by-step guide to Azure Managed Identity best practices: system vs user assigned identities, least-privilege roles, and secretless authentication.

Jan 15, 20268 min read
Cloud Security

Configuring soft delete and purge protection for Azure Ke...

A step-by-step guide to enabling Key Vault soft delete and purge protection, recovering deleted secrets, and applying backup practices to prevent permanent data loss.

Jan 14, 20268 min read
Container Security

Security best practices for Azure Container Apps and secr...

A step-by-step guide to Azure Container Apps security best practices: managed identity, Key Vault-backed secrets, network ingress, and supply chain hardening.

Jan 13, 20267 min read
Industry Analysis

Managing secrets securely with OCI Vault

A step-by-step guide to OCI Vault secrets management: provisioning, rotation, IAM policies, pipeline integration, and best practices for securing credentials.

Jan 9, 20268 min read
Identity Security

Using OCI resource principal authentication to avoid embe...

A concrete guide to OCI resource principal authentication: how it works, how it differs from instance principals, and how to eliminate static API keys from OCI workloads.

Jan 8, 20267 min read
Cloud Security

Comparing AWS Secrets Manager, Azure Key Vault, and GCP S...

A practical, no-hype comparison of AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, HashiCorp Vault, and Doppler — plus how to actually evaluate one.

Jan 6, 20268 min read
Vulnerability Analysis

Hardcoded credentials vulnerabilities explained

Hardcoded credentials (CWE-798) have caused real breaches at Uber, Toyota, and Mercedes-Benz. Here's how they happen, how common they are, and how to fix them.

Dec 8, 20257 min read
Vulnerability Analysis

Secrets leakage in Docker images explained

How credentials get baked into Docker image layers, real incidents that exposed them, and how to detect and stop secrets leakage in container images.

Dec 3, 20257 min read
Container Security

Container registry credential leak trends

2026 data shows container registry credential leaks accelerating as CI pipelines speed up — and why layer-aware scanning, not just final-image checks, is now essential.

Nov 16, 20256 min read
Buyer's Guides

Best secrets management and vaulting solutions

A buyer's guide to secrets management tools: evaluation criteria plus honest comparisons of Vault, AWS Secrets Manager, CyberArk, Doppler, and Infisical.

Nov 11, 20259 min read
Incident Analysis

Codecov Bash Uploader supply chain breach

A look back at the 2021 Codecov Bash Uploader breach: how a tampered CI script exfiltrated secrets for two months, and what it teaches about supply chain risk.

Nov 8, 20257 min read
secrets-management (Page 6) — Safeguard Blog