HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cad

no profile record

Submissions

Burn – K8s cost waste by namespace and pod. Just kubectl, no deploy

github.com
3 points·by cad·2 maanden geleden·0 comments

comments

cad
·11 dagen geleden·discuss
https://www.gitguardian.com/files/the-state-of-secrets-spraw...

> In the 2025 report, we showed that nearly 70% of credentials confirmed as valid in 2022 were still valid as of January 2025, meaning they have not been rotated or otherwise remediated. When we retested the same dataset in January 2026, the validity rate remained over 64%. That persistence is not a rounding error. It is an operational signal that remediation, not detection, is still the industry’s limiting factor.

> In the end there is always some long lived secret. What changes is just where and how it is stored, secured and used.

Obviously. The point here is to reduce the number of them
cad
·18 dagen geleden·discuss
Don't get me wrong but data shows that you will likely fail to keep that api key a as secret and you will also fail to revoke when it becomes necessary. You will definately not going to rotate it frequently as you should.

Good thing about the OAuth2/OIDC is these things will not put the trust on the bearer of the api key, but on actual identity that needs to have the access.
cad
·2 maanden geleden·discuss
[flagged]