Hacker News
by
pabs3
278 days ago
mTLS aka TLS client certs seems like the way to go.
orphea
278 days ago
How is a client cert not another glorified static password? It would have been stolen from repo secrets the same way.
pabs3
277 days ago
You don't store them in repos on disk, but in an HSM so they can't be stolen, and then you protect signing access to them based on service/process information.