Latest posts tagged with #SecretsManagement on Bluesky
Building autonomous AI systems but still storing credentials in .env files?
Nearly half of MCP servers do exactly that. Attackers know it too.
Here are 7 best practices to secure MCP credentials, from runtime injection to OAuth and rotation.
👉 zurl.co/xzhr5
#Doppler #SecretsManagement #DevOps #AI
🔐 Por qué el código generado por IA aumenta el riesgo en la gestión de secretos
El CEO de GitGuardian explica el aumento de credenciales expuestas con la
devops.com/why-ai-generated-code-is...
#SecretsManagement #DevSecOps #APISecurity #RoxsRoss
Sprawl Brawl starts now. Think March Madness, but for your secrets.
Eight common secrets sprawl pitfalls enter the bracket. One wins. 🏆
Let us know what you think for Round 1 here: forms.gle/FVzRfC4HhRe7...
Next week, the winners move on.
#Doppler #MarchMadness #SecretsManagement #DevOps
A compromised secret is a when, not if problem.
Keys leak. Tokens get committed. Credentials linger.
What matters is detection, containment, and fast rotation. Design for exposure, not perfection.
What to do when a secret is compromised 👇
zurl.co/seAWw
#Doppler #DevSecOps #SecretsManagement
MCP servers are becoming the backbone of agentic workflows.
If they coordinate tools and APIs, they also coordinate access. Secrets need scoped permissions, automated rotation, and auditability by default.
👇
zurl.co/cbkSC
#Doppler #SecretsManagement #DevSecOps #MCP
🔐 Fallos en la Gestión de Secrets en Pipelines CI/CD
Descubre los riesgos y mejores prácticas para proteger credenciales en tus pipelines.
devops.com/secrets-management-failu...
#SecretsManagement #DevSecOps #SupplyChainSecurity #RoxsRoss
Multi-cloud, on-prem, edge. Different stacks, same secrets risk.
How do you enforce consistent secrets governance everywhere without slowing devs down?
Standardized access, auditability, and rotation across every environment.
🔗 Read more now: zurl.co/JoEOY
#Doppler #SecretsManagement #DevSecOps
www.secretz.io
OpenBao Enterprise support just landed
#secretz #openbao #opensource #enterprise #secretsmanagement
Agentic AI in DevOps is moving fast. MCP-powered agents can reason and remediate on their own, which is powerful and risky. Autonomous agents need automated, ephemeral, auditable secrets.
Otherwise, your smartest bots become your biggest risk.
zurl.co/0rmo6
#Doppler #SecretsManagement #AI #MCP
CI jobs, bots, and services all need access. Sprawl is optional.
How to scale non-human identity management without slowing devs or weakening security.
Fewer secrets, better controls, less mess.
👉 zurl.co/xC7IW
#Doppler #SecretsManagement #DevOps #DevSecOps #NHI #NonHumanIdentity
Not everyone needs access to everything. Security teams know this. Developers feel the friction.
Clear, role-based access helps teams protect sensitive data without slowing delivery.
How do you balance access control and developer velocity?
zurl.co/uLXIz
#Doppler #SecretsManagement #DevOps
Secrets sprawl is one of the fastest ways attackers bypass everything else you built. This infographic breaks down the 48-hour SMB cleanup sprint and why leaked keys are so dangerous. Companion to my full article. 🔐📊
#CyberSecurity #SMB #AppSec #SecretsManagement
Secrets sprawl is one of the easiest ways attackers bypass MFA, firewalls, and reviews. I wrote a practical 48-hour cleanup sprint for SMBs plus a 30/60/90 plan to keep it from coming back. If attackers have a key, they don’t need your login. 🔐🧵 #CyberSecurity #SMB #AppSec #SecretsManagement
OpenBao 2.5.0 GA release is available now!
Release binaries are available on GitHub:
github.com/openbao/open...
#OpenBao #OpenSource #FOSS #SecretsManagement
The latest update for #SignMyCode includes "What is #SecretsManagement? Types, Challenges, Best Practices & Tools" and "#AWS KMS Vs #Azure Key Vault Vs #GCP KMS: Choose the Best #Cloud Security Storage".
#cybersecurity #softwaresecurity #codesigning https://opsmtrs.com/3SAy0lg
Still copy-pasting secrets into your pipeline? Automation beats memory every time.
Bake secrets into your workflows: www.doppler.com/guides/manag...
#Doppler #SecretsManagement #DevOps #DevSecOps
FOSDEM is just around the corner, and OpenBao is ready! 🚀
Come visit us at our shared stand with OpenTofu (Location: K.1.C.06).
📍 Check the map to find us: nav.fosdem.org/l/k1-c-06/@1...
#OpenBao #SecretsManagement #OpenSSF #OpenSource #Security #FOSDEM
SOPS is a CLI tool that encrypts and decrypts files. But can you use it declaratively?
@andyserver.com explains in this 🌩️ Thunder episode:
youtu.be/9jgKuHzaYpU
#SOPS #CLI #SecretsManagement #DevOps
Secret rotation isn't enough if nothing verifies it worked.
We break down a closed-loop secrets lifecycle that connects detection, rotation, propagation, and verification into a single system that actually scales.
👇 Read more:
zurl.co/u25fF
#Doppler #SecretsManagement #DevOps #DevSecOps
You can’t secure what you can’t see. Build visibility into how secrets are used and rotated. Start here: www.doppler.com/guides/manag...
#Doppler #SecretsManagement #DevSecOps #Compliance
GPG, AWS KMS, GCP KMS, Azure Key Vault — why learn four CLIs when one will do?
@andyserver.com explains how SOPS gives you one interface for all of them in this 🌩️ Thunder episode:
youtu.be/9jgKuHzaYpU
#SOPS #SecretsManagement #AWS #GCP #Azure #CloudSecurity
The latest update for #miniOrange includes "What is #SecretsManagement: An Essential Guide to Securing Credentials in Modern #DevOps" and "How to Hide a Product on Shopify".
#Cybersecurity #IdentitySecurity https://opsmtrs.com/3NFkwV7
If environment variables were secure enough for secrets, security teams wouldn't keep warning about them. We break down when env vars make sense, where they fall short, and safer patterns for managing secrets in modern dev and CI/CD.
Read more: zurl.co/JZjCH
#Doppler #SecretsManagement #DevSecOps
Database credentials, SSH keys, Kubernetes secrets — how do you protect them all without juggling different tools?
@andyserver.com explains in this 🌩️ Thunder episode: youtu.be/9jgKuHzaYpU
#SOPS #SecretsManagement #Kubernetes #CloudSecurity
FYI: Secrets Management: Comcast's Challenges and Solutions #shorts: Development teams need an easy solution for secrets management. Discover how to provide that solution before expecting compliance. If teams don't know where to store secrets, they won't follow policy. #secretsmanagement…
Hardcoding secrets is a speed run to a security incident. Dev, @ChiefGyk3D, explains why he uses Doppler for every project and how leaked API keys get abused in minutes. A single Reddit key leak nearly led to a massive cloud bill.
#Doppler #SecretsManagement #DevOps #Security #DevSecOps
AI can leak secrets if credentials end up in prompts, logs, or training data. Regex redaction is a stopgap. The real fix? Keep secrets out of code and use runtime injection so models see names, not keys.
🔗 Read the full breakdown:
zurl.co/5hnf0
#Doppler #SecretsManagement #AI #DevOps #DevSecOps
Most supply chain breaches start with a leaked secret, not a zero-day. One key or token is often enough to open everything else.
Why secrets are the quiet backbone of supply chain security 👇
zurl.co/nO6pF
#Doppler #SupplyChainSecurity #SecretsManagement
