Safeguard
Tag

secrets

Safeguard articles tagged "secrets" — guides, analysis, and best practices for software supply chain and application security.

30 articles

DevSecOps

Gitleaks Secret Scanning Recipes for 2026

Practical Gitleaks configurations and workflows for 2026, including pre-commit setup, monorepo tuning, custom rules, and how to avoid the false-positive treadmill.

Mar 25, 20265 min read
Best Practices

How to Rotate Leaked Secrets With Automation (2026)

The 2026 playbook for automated secret rotation: detection pipelines, credential broker patterns, blast-radius analysis, and CI integration that actually holds up in production.

Mar 10, 20268 min read
Incident Analysis

Codecov Bash Uploader 2021: A Supply Chain Retrospective

The Codecov bash uploader compromise was the quiet supply chain attack that exposed how CI secrets flow through every customer's pipeline. A five-year look back.

Jan 22, 20265 min read
DevSecOps

Secrets Management in CI Pipelines: 2026 Guide

Rotating tokens, OIDC federation, and scoped runners are table stakes in 2026. Here is how senior engineers design CI secrets that do not leak on bad days.

Jan 16, 20267 min read
DevSecOps

Pre-Commit Hooks Security Recipes for 2026

Practical pre-commit framework recipes that catch secrets, malicious packages, and risky changes before they reach your remote, without slowing developers down.

Jan 14, 20266 min read
Guides

How to Vet a GitHub Action Before You Trust It with Secrets

Third-party Actions run with your repo's token and secrets. A vetting routine: read the source at the pinned SHA, audit the bundled dist, scope permissions, and contain egress.

Jun 22, 20256 min read
Concepts

What Is Key Management? Protecting the Keys That Protect Everything

Key management is the discipline of generating, storing, rotating, and retiring cryptographic keys safely. Strong encryption is only as good as the way its keys are handled.

Feb 25, 20256 min read
Best Practices

Dev Machine Secrets: The Exfiltration Risks

Engineer laptops are the softest target in most organizations. Here is a senior engineer's look at the real exfiltration paths for developer secrets and how to shut them down.

Dec 10, 20247 min read
Best Practices

Secrets Rotation Across Microservices: A Playbook

A practical senior engineer's playbook for rotating secrets across microservices without downtime, drift, or the quiet credential leaks that come from half-done cutovers.

Nov 22, 20247 min read
DevSecOps

age + SOPS: A Git-Native Secrets Workflow

How age and SOPS together deliver a lightweight, auditable, Git-native secrets workflow that stands up to real production use without a vault server.

Oct 28, 20247 min read
Best Practices

AWS SSM Parameter Store Security

Parameter Store is everywhere in AWS workloads, which means it accumulates secrets, configuration, and bad IAM over time. Here is the security review I run on every Parameter Store deployment.

Oct 18, 20247 min read
Best Practices

CyberArk Conjur for Enterprise Secrets Management

Where Conjur fits in 2024 for enterprise secrets management, what it does well, where it hurts, and how to roll it out without drowning the platform team.

Aug 25, 20247 min read
secrets (Page 2) — Safeguard Blog