This cheat sheet outlines effective ways to discover, validate, and protect API keys and credentials throughout your software development lifecycle. It includes practical examples, tips on ownership, and guidance on securing vaults without hindering development. It's a useful resource for teams looking to manage secrets more effectively.

This article outlines how to manage the recent change in NPM's token policy, which limits token validity to 90 days. It introduces a tool called github-update-secret that automates the process of updating access tokens across multiple GitHub repositories. While the long-term solution is to adopt OIDC, this tool provides a temporary fix.

The article discusses a project where the author scanned all of GitHub's commits for leaked secrets, highlighting the importance of managing sensitive information in code repositories. The findings emphasize the potential risks developers face if they inadvertently expose secrets in their code. Additionally, the article offers insights into the tools and methods used for the scanning process.

Sharon Brizinov shares her experience of earning $64,350 through bug bounty hunting by automating the recovery of deleted files from public GitHub repositories. By scanning thousands of repositories for exposed API keys and credentials hidden in Git's history, she highlighted the importance of addressing security vulnerabilities from seemingly deleted information.