secrets-management
Safeguard articles tagged "secrets-management" — guides, analysis, and best practices for software supply chain and application security.
90 articles
Best practices for rotating secrets stored in Azure Key V...
A practical, step-by-step guide to Azure Key Vault secret rotation best practices, covering rotation policies, automation, and expiration alerts.
Best practices for using Azure Managed Identity instead o...
A step-by-step guide to Azure Managed Identity best practices: system vs user assigned identities, least-privilege roles, and secretless authentication.
Configuring soft delete and purge protection for Azure Ke...
A step-by-step guide to enabling Key Vault soft delete and purge protection, recovering deleted secrets, and applying backup practices to prevent permanent data loss.
Security best practices for Azure Container Apps and secr...
A step-by-step guide to Azure Container Apps security best practices: managed identity, Key Vault-backed secrets, network ingress, and supply chain hardening.
Managing secrets securely with OCI Vault
A step-by-step guide to OCI Vault secrets management: provisioning, rotation, IAM policies, pipeline integration, and best practices for securing credentials.
Using OCI resource principal authentication to avoid embe...
A concrete guide to OCI resource principal authentication: how it works, how it differs from instance principals, and how to eliminate static API keys from OCI workloads.
Comparing AWS Secrets Manager, Azure Key Vault, and GCP S...
A practical, no-hype comparison of AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, HashiCorp Vault, and Doppler — plus how to actually evaluate one.
Hardcoded credentials vulnerabilities explained
Hardcoded credentials (CWE-798) have caused real breaches at Uber, Toyota, and Mercedes-Benz. Here's how they happen, how common they are, and how to fix them.
Secrets leakage in Docker images explained
How credentials get baked into Docker image layers, real incidents that exposed them, and how to detect and stop secrets leakage in container images.
Container registry credential leak trends
2026 data shows container registry credential leaks accelerating as CI pipelines speed up — and why layer-aware scanning, not just final-image checks, is now essential.
Best secrets management and vaulting solutions
A buyer's guide to secrets management tools: evaluation criteria plus honest comparisons of Vault, AWS Secrets Manager, CyberArk, Doppler, and Infisical.
Codecov Bash Uploader supply chain breach
A look back at the 2021 Codecov Bash Uploader breach: how a tampered CI script exfiltrated secrets for two months, and what it teaches about supply chain risk.