Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Secrets Management

keeper

Why DevSecOps Teams Need Secrets Management

Proper IT secrets management is essential to protecting your organization from cyberthreats, particularly in DevOps environments, where common CI/CD pipeline tools such as Jenkins, Ansible, Github Actions, and Azure DevOps use secrets to access databases, SSH servers, HTTPs services and other highly sensitive systems.

[Webinar] How You Should Not Remediate Your Hardcoded Secrets

If you have ever run a secrets scanner against your entire codebase, it has likely raised hundreds if not thousands of findings, leaving you wondering, "Where should I start?" Unlike other vulnerabilities, hardcoded secrets represent a threat by themselves whether your code is running or not. Attackers with access to a repository will scan it inside out for secrets, turning every occurrence into a risk you cannot ignore. Still, this does not mean that you should treat all incidents equally!

[Webinar] Taming Secrets Sprawl with Doppler and GitGuardian

With every hardcoded secret, the software supply chain attack surface grows larger, opening more avenues for the resourceful attacker. Remember Codecov? It all started with a hardcoded secret, ultimately leading to the downstream poisoning of 20,000+ CI pipelines and the exfiltration of more secrets than attackers could ever dream of. It’s time for us, developers and security pros, to take a hard look at our hardcoded secrets – or else, we accept living with the risks and consequences of secrets sprawl.
Snyk

Best practices for Kubernetes Secrets management

Kubernetes uses secret objects, called Secrets, to store OAuth tokens, secure shell (SSH) keys, passwords, and other secret data. Kubernetes Secrets allow us to keep confidential data separate from our application code by creating it separately from pods. This segregation, along with well-formed role-based access control (RBAC) configuration, reduces the chances of the Secret being exposed — and potentially exploited — when interacting with pods, thereby increasing security.