Secure secret management
- secret management is hard but doable;
- automated scanning drastically reduces exposure, because attackers use them too;
- auditing secret access is the approach to tackling and containing leaks;
- practical auditing could be conducted by a developer with minimal preparation.
Secure secrets management in Docker containers. Part 1 Secure secrets management in Docker containers from the offensive point of view. With examples and demo scripts. Read more
Secure secrets management in Docker containers. Part 2 Secure secrets management in Docker containers from the offensive point of view. Secrets in memory. Secrets in build arguments Read more
Bash/zsh scripts. Part 3 Secure secrets management in Docker containers from the offensive point of view. Secrets in bash/zsh scripts. Secrets in logs. Read more
Git secret leaks Secure secrets management in git from the offensive point of view. With examples and demo scripts. Read more
Obtain secrets from different sources Obtain secrets from storage buckets, static landing pages and other static content with examples Read more