Safeguard
Tag

secrets-management

Safeguard articles tagged "secrets-management" — guides, analysis, and best practices for software supply chain and application security.

90 articles

Cloud Security

Kubernetes secrets management vulnerability guide

Kubernetes Secrets are base64, not encrypted. Real CVEs and the Tesla breach show how attackers exploit that gap — and how to close it.

Nov 3, 20257 min read
Industry Analysis

Personal Access Token Security Best Practices

Leaked personal access tokens have driven major supply chain breaches. Here's why PATs are risky, real incidents, and how scoping, rotation, and detection fix it.

Nov 1, 20256 min read
Industry Analysis

Hardcoded Secrets in Source Code: Detection and Remediation

Hardcoded secrets in source code caused breaches at Toyota, Uber, and Samsung. Here's why developers keep doing it, how attackers exploit it, and how to fix it.

Oct 31, 20258 min read
Concepts

What is Secretless Authentication in CI/CD

Secretless authentication replaces stored CI credentials with short-lived OIDC tokens minted per job. Here's the trust-policy plumbing, provider support, and the pitfalls.

Sep 16, 20257 min read
Engineering

Securing GitHub Actions Reusable Workflows at Scale

Reusable workflows centralize CI logic — and centralize compromise. Pinning, secrets scoping, org policy, and the review process that keeps one bad merge from owning 400 repos.

Sep 14, 20256 min read
Product

How the Snyk CLI's authentication flow issues and stores ...

A technical walkthrough of how Snyk's CLI authenticates via `snyk auth`, where it stores API tokens locally, and why that plaintext credential file is worth protecting.

Aug 17, 20258 min read
DevSecOps

Measuring Developer Security Maturity Beyond Tool Coverage

Tool coverage tells you what's installed, not whether developers are actually getting safer. Here's how to build a maturity model around remediation velocity, recurrence, and secrets hygiene instead.

Jul 18, 20258 min read
Cloud Security

Cloud Application Security Best Practices

Five layers cover most of the risk in cloud apps: identity, secrets, artifact scanning, pipeline gates, and runtime guardrails. Here is how to build each one without slowing delivery.

Apr 16, 20255 min read
Best Practices

Doppler Enterprise Secrets Platform Reviewed

Doppler pitches itself as the secrets platform that gets out of developers' way. A detailed look at what works, what does not, and the trade-offs against Vault, Infisical, and the cloud-native options.

Sep 22, 20247 min read
Best Practices

Azure Key Vault Rotation Patterns

Rotation is the Key Vault feature most teams nominally have and few actually operate. A walk through the patterns that work for secrets, keys, and certificates at scale.

May 18, 20248 min read
Kubernetes Security

Kubernetes Secrets Management: Vault, Sealed Secrets, SOPS, and External Secrets Compared

Kubernetes Secrets are base64-encoded, not encrypted. That is the start of the problem. Here is a no-nonsense comparison of the tools that actually solve secrets management in Kubernetes.

Apr 8, 20247 min read
Best Practices

Vault Supply Chain Integration Patterns

HashiCorp Vault is a Swiss Army knife for secrets, but most teams use it as a glorified key-value store. A walkthrough of the integration patterns that make Vault actually useful in a CI/CD supply chain.

Mar 15, 20247 min read
secrets-management (Page 7) — Safeguard Blog