Stop Putting AWS Access Keys in GitHub Secrets. Use OIDC Instead.
I rotated a leaked AWS access key at 2 AM last year. A contractor had pushed a workflow that printed environment variables for "debugging," GitHub's secret scanner caught it about four minutes later, and by the time I'd revoked the key and audited CloudTrail, I'd lost an hour of sleep I still resent
ORIGINAL SOURCE →via Dev.to
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · finance
- [FINANCE] Bitmine to slow down ether purchases as it nears accumulation goal, Tom Lee says
- [FINANCE] Seaport’s IPO adventure, obesity pill battles, and Makary’s troubles
- [FINANCE] Tom Lee Says Bitcoin Bear Market Is Over if BTC Closes May Above $76,000 - bloomingbit
- [FINANCE] Texas Roadhouse faces earnings test as beef costs squeeze margins
- [FINANCE] West Pharmaceutical Services stock hits 52-week high at $322.40
- [FINANCE] Mexican headline inflation eases for the first time since December, paves way for rate cut