Learn about critical challenges and solutions in managing secrets within CI/CD pipelines through this 24-minute conference talk. Explore common security issues including long-lived tokens, costly rotation processes, developer permission management, secret reusability, and granular access control. Discover how organizations can better handle secret management while shifting security left in software development and infrastructure provisioning. Presented by Nguyen Dinh Bao Long and Dang Huu Thang, this talk addresses key problems faced by organizations using GitHub, including token leakage risks, system downtime during rotations, workflow integrity concerns, and limitations of native GitHub secrets sharing.
CI/CD Secret Management with Secret Zero - Managing Secure Pipelines
OpenInfra Foundation via YouTube
Overview
Syllabus
CI/CD Secret Management with Secret Zero
Taught by
OpenInfra Foundation
Related Courses
-
Learning GitHub Actions for DevOps CI/CD
-
Continuous Integration and Delivery (CI/CD)
-
Enhancing CI/CD Secrets Security - The 3Rs Approach
-
The Dark Playground of CI/CD - Attack Delivery by GitHub Actions
-
GitOps, Kubernetes, and Secret Management
-
Infrastructure as Code Security Best Practices and Strategies
