Your GitHub Secrets Ain’t That Secret: (GitHub actions hack)

Intro Sometimes secrets in the real world aren’t as secret as we think! Although it can be scary, it’s really easy to show the content of your secret in GitHub actions log. You might not mind if your repo is private but if it is public and your Open Source project still needs things to …

What’s OIDC and why should you use it asap in your GitHub pipeline (keyless)

Table of contents Popular Authentications to Cloud (Why is it wrong?) OAuth Origins OAuth 2.0 terminology OAuth 2.0 workflow What is OIDC? OIDC .vs OAuth 2.0 OIDC Authentication flow OIDC in GitHub Actions MultiCloud keyless access examples (Azure/ AWS/ GCP) Hackers Paradise !                        — β€œ 10 million credentials from GitHub were accessible in 2022 …