secrets-management
Safeguard articles tagged "secrets-management" — guides, analysis, and best practices for software supply chain and application security.
90 articles
Kubernetes secrets management vulnerability guide
Kubernetes Secrets are base64, not encrypted. Real CVEs and the Tesla breach show how attackers exploit that gap — and how to close it.
Personal Access Token Security Best Practices
Leaked personal access tokens have driven major supply chain breaches. Here's why PATs are risky, real incidents, and how scoping, rotation, and detection fix it.
Hardcoded Secrets in Source Code: Detection and Remediation
Hardcoded secrets in source code caused breaches at Toyota, Uber, and Samsung. Here's why developers keep doing it, how attackers exploit it, and how to fix it.
What is Secretless Authentication in CI/CD
Secretless authentication replaces stored CI credentials with short-lived OIDC tokens minted per job. Here's the trust-policy plumbing, provider support, and the pitfalls.
Securing GitHub Actions Reusable Workflows at Scale
Reusable workflows centralize CI logic — and centralize compromise. Pinning, secrets scoping, org policy, and the review process that keeps one bad merge from owning 400 repos.
How the Snyk CLI's authentication flow issues and stores ...
A technical walkthrough of how Snyk's CLI authenticates via `snyk auth`, where it stores API tokens locally, and why that plaintext credential file is worth protecting.
Measuring Developer Security Maturity Beyond Tool Coverage
Tool coverage tells you what's installed, not whether developers are actually getting safer. Here's how to build a maturity model around remediation velocity, recurrence, and secrets hygiene instead.
Cloud Application Security Best Practices
Five layers cover most of the risk in cloud apps: identity, secrets, artifact scanning, pipeline gates, and runtime guardrails. Here is how to build each one without slowing delivery.
Doppler Enterprise Secrets Platform Reviewed
Doppler pitches itself as the secrets platform that gets out of developers' way. A detailed look at what works, what does not, and the trade-offs against Vault, Infisical, and the cloud-native options.
Azure Key Vault Rotation Patterns
Rotation is the Key Vault feature most teams nominally have and few actually operate. A walk through the patterns that work for secrets, keys, and certificates at scale.
Kubernetes Secrets Management: Vault, Sealed Secrets, SOPS, and External Secrets Compared
Kubernetes Secrets are base64-encoded, not encrypted. That is the start of the problem. Here is a no-nonsense comparison of the tools that actually solve secrets management in Kubernetes.
Vault Supply Chain Integration Patterns
HashiCorp Vault is a Swiss Army knife for secrets, but most teams use it as a glorified key-value store. A walkthrough of the integration patterns that make Vault actually useful in a CI/CD supply chain.