Your GitHub Secrets Ain’t That Secret: (GitHub actions hack)

Intro: Sometimes secrets in the real world aren’t as secret as we think! Although it can be scary, it’s really easy to show the content of your secret in the GitHub Actions log. You might not mind if your repo is private, but if it is public and your Open Source project still needs things to …

What’s OIDC and why should you use it asap in your GitHub pipeline (keyless)

Hackers Paradise! — “10 million credentials from GitHub were accessible in 2022 alone.” — This is the shocking truth exposed in a recent report published by secrets-management firm GitGuardian. That’s 5.5 out of every 1,000 commits to GitHub spilling secrets, putting applications & businesses at serious risk. Scattered & hard-coded secrets across environments are one …