Y
Hacker News
new
|
ask
|
show
|
jobs
by
orphea
269 days ago
How is a client cert not another glorified static password? It would have been stolen from repo secrets the same way.
1 comments
pabs3
269 days ago
You don't store them in repos on disk, but in a HSM so they can't be stolen, and then you protect signing access to them based on service/process information.
link