secrets management

3 posts

CISA pushed passwords to a public repo

A top cyberdefense agency published credentials in a public GitHub repository. A control analysis of what failed and what must now be true.

May 20, 2026

Article

OAuth ate your secrets

The Vercel OAuth breach shows environment variables are not protected by location, only by the identity assertion placed in front of them.

Apr 24, 2026

Article

Cisco's Source Code Breach Was Structural, Not Accidental

Cisco's source code breach wasn't a fluke. It was the predictable result of credential drift, third-party trust gaps, and dev infrastructure treated as low-risk.

Apr 2, 2026