Secrets

1Password announced today general availability of a single sign-on (SSO) capability that makes sure secrets are kept secure by leveraging keys that are stored on an end user’s device. The Unlock with ...

Following a security incident, CircleCI has completed the process of rotating GitHub OAuth tokens for their customers. CircleCI said Saturday that while customers could still rotate their own tokens, it has “confidence ...

Microsoft’s GitHub source control service will help stop devs accidentally embedding secrets in public code repositories. It’s a big problem ...

Charlene O’Hanlon and Yury Koldobanov tackle the challenge of secrets leakage in Git repos and what organizations can do to prevent it. Voiceover:                  This is Digital Anarchist.   Charlene O’Hanlon:   Hey, everybody, ...

Long-term cloud credentials are often scattered throughout source code, on laptops or desktops, on servers, in cloud resources and in other locations. It’s easy to copy them across machines, creating credential sprawl ...

Applications are no longer standalone monoliths, they now rely on thousands of independent building blocks: cloud infrastructure, databases, SaaS components such as Stripe, Slack and HubSpot, just to name a few. This ...

Digital certificates (e.g. SSL/TLS, X.509) can be issued and managed through many different tools in your DevOps tool-chain. However, the more tools you have for managing the issuance of these certificates lead ...

Secrets, Security Insights, and APIs!ShiftLeft Inspect can now detect “hardcoded secrets” (across all languages), and provide “security insights” into your JavaScript code. ShiftLeft Inspect has also released a new version of API ...

Apparently, Amazon.com, Inc. (Nasdaq: AMZN) has taken up the $10 Billion Evil Gauntlet and is running with it (kids, don't do that at home...), if reports are to be believed. Read it ...

via the comic delivery system monikered Randall Munroe at XKCD! ...