Hacker News new | ask | show | jobs
by firesteelrain 409 days ago
Will monitor your progress

Also be interesting to see what trufflehog finds (should be false positive)

https://github.com/trufflesecurity/trufflehog

Where are you storing the creds to get the secret from the vault?

This is the secret zero problem and other platforms solve it in other ways such as HSM
1 comments
devenjarvis 409 days ago
Yea that is a hard problem to solve. Right now RunSecret depends on the host system (your laptop, CI runner, or application container) having access to the secret vault(s) of choice that you reference. This can be through ENV VARS, OIDC, or IAM roles (in some cases) but currently there is no HSM support.
link
firesteelrain 409 days ago
No worries, interesting way to solve this problem!
link