Your GitHub Secrets Ain’t That Secret: (GitHub actions hack)

Intro: Sometimes secrets in the real world aren’t as secret as we think! Although it can be scary, it’s really easy to show the content of your secret in the GitHub Actions log. You might not mind if your repo is private, but if it is public and your Open Source project still needs things to …

What’s OIDC and why should you use it asap in your GitHub pipeline (keyless)

Table of contents: Popular Authentications to Cloud (Why is it wrong?); OAuth Origins; OAuth 2.0 terminology; OAuth 2.0 workflow; What is OIDC?; OIDC vs. OAuth 2.0; OIDC Authentication flow; OIDC in GitHub Actions; MultiCloud keyless access examples (Azure/AWS/GCP). Hackers Paradise! — “10 million credentials from GitHub were accessible in 2022 …