https://appsec.fyi/secrets.html Curated Secrets & Credential Leaks resources from appsec.fyi en-us Wed, 22 Apr 2026 18:38:42 +0000 carl@chs.us (Carl Sampson) https://thehackernews.com/2026/03/unc6426-exploits-nx-npm-supply-chain.html https://thehackernews.com/2026/03/unc6426-exploits-nx-npm-supply-chain.html UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours Secrets & Credential Leaks Wed, 22 Apr 2026 12:52:58 +0000 https://cloudsecurityalliance.org/artifacts/state-of-non-human-identity-security-survey-report https://cloudsecurityalliance.org/artifacts/state-of-non-human-identity-security-survey-report The State of Non-Human Identity Security (CSA Survey Report) Secrets & Credential Leaks Wed, 22 Apr 2026 12:52:57 +0000 https://www.javacodegeeks.com/2025/12/secrets-management-in-2026-vault-aws-secrets-manager-and-beyond-a-developers-guide.html https://www.javacodegeeks.com/2025/12/secrets-management-in-2026-vault-aws-secrets-manager-and-beyond-a-developers-guide.html Secrets Management in 2026: Vault, AWS Secrets Manager, and Beyond Secrets & Credential Leaks Wed, 22 Apr 2026 12:52:56 +0000 https://www.buildmvpfast.com/blog/github-secret-scanning-pattern-updates-devops-2026 https://www.buildmvpfast.com/blog/github-secret-scanning-pattern-updates-devops-2026 GitHub Secret Scanning 2026: New Patterns, Push Protection Secrets & Credential Leaks Wed, 22 Apr 2026 12:52:56 +0000 https://blog.gitguardian.com/nhi-security-tools/ https://blog.gitguardian.com/nhi-security-tools/ Top 10 Non-Human Identity Security Tools and Platforms for 2026 Secrets & Credential Leaks Wed, 22 Apr 2026 12:52:55 +0000 https://advisories.gitlab.com/golang/github.com/hashicorp/vault/CVE-2026-5807/ https://advisories.gitlab.com/golang/github.com/hashicorp/vault/CVE-2026-5807/ CVE-2026-5807: HashiCorp Vault DoS via Unauthenticated Root Token Generation Secrets & Credential Leaks Wed, 22 Apr 2026 12:52:54 +0000 https://advisories.gitlab.com/golang/github.com/hashicorp/vault/CVE-2026-3605/ https://advisories.gitlab.com/golang/github.com/hashicorp/vault/CVE-2026-3605/ CVE-2026-3605: HashiCorp Vault KVv2 Metadata Policy Bypass (DoS) Secrets & Credential Leaks Wed, 22 Apr 2026 12:52:54 +0000 https://blog.gitguardian.com/the-state-of-secrets-sprawl-2026-pr/ https://blog.gitguardian.com/the-state-of-secrets-sprawl-2026-pr/ AI Is Fueling Secrets Sprawl: GitGuardian Reports 81% Surge of AI-Service Leaks Secrets & Credential Leaks Wed, 22 Apr 2026 12:52:53 +0000 https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulnerable-to-denial-of-service-via-unauthenticated-root-token-generation-rekey-operations/77345 https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulnerable-to-denial-of-service-via-unauthenticated-root-token-generation-rekey-operations/77345 HCSEC-2026-08: Vault DoS via Unauthenticated Root Token Generation Secrets & Credential Leaks Wed, 22 Apr 2026 12:52:52 +0000 https://discuss.hashicorp.com/t/hcsec-2026-05-vault-kvv2-metadata-and-secret-deletion-policy-bypass-denial-of-service/77342 https://discuss.hashicorp.com/t/hcsec-2026-05-vault-kvv2-metadata-and-secret-deletion-policy-bypass-denial-of-service/77342 HCSEC-2026-05: Vault KVv2 Metadata Policy Bypass DoS Secrets & Credential Leaks Wed, 22 Apr 2026 12:52:51 +0000 https://thehackernews.com/2025/12/compromised-iam-credentials-power-large.html https://thehackernews.com/2025/12/compromised-iam-credentials-power-large.html Compromised IAM Credentials Power Large AWS Crypto Mining Campaign Secrets & Credential Leaks Sun, 19 Apr 2026 02:38:42 +0000 https://rafter.so/blog/secrets/pre-commit-hooks-secret-detection https://rafter.so/blog/secrets/pre-commit-hooks-secret-detection Pre-Commit Hooks for Secret Detection: Setup in 10 Minutes Secrets & Credential Leaks Sun, 19 Apr 2026 02:37:09 +0000 https://resources.github.com/enterprise/understanding-secret-leak-exposure/ https://resources.github.com/enterprise/understanding-secret-leak-exposure/ Understanding Your Organization's Exposure to Secret Leaks — GitHub Secrets & Credential Leaks Sun, 19 Apr 2026 02:22:23 +0000 https://securityledger.com/2026/03/exposed-developer-secrets-surge-ai-drives-34-increase-in-2025/ https://securityledger.com/2026/03/exposed-developer-secrets-surge-ai-drives-34-increase-in-2025/ Exposed Developer Secrets Surge: AI Drives 34% Increase in 2025 Secrets & Credential Leaks Sun, 19 Apr 2026 02:22:23 +0000 https://github.blog/security/application-security/next-evolution-github-advanced-security/ https://github.blog/security/application-security/next-evolution-github-advanced-security/ GitHub Found 39M Secret Leaks in 2024 — The GitHub Blog Secrets & Credential Leaks Sun, 19 Apr 2026 02:22:22 +0000 https://netwrix.com/en/resources/blog/non-human-identities/ https://netwrix.com/en/resources/blog/non-human-identities/ Non-human identities: What they are and how to secure them (Netwrix) Secrets & Credential Leaks Fri, 17 Apr 2026 14:45:40 +0000 https://www.doppler.com/blog/top-nhi-platforms-2025-secrets-machine-identity https://www.doppler.com/blog/top-nhi-platforms-2025-secrets-machine-identity Top non-human identity (NHI) platforms of 2025 (Doppler) Secrets & Credential Leaks Fri, 17 Apr 2026 14:45:39 +0000 https://permiso.io/non-human-identity-nhi-security-guide https://permiso.io/non-human-identity-nhi-security-guide What Are Non-Human Identities? Complete NHI Security Guide 2025 Secrets & Credential Leaks Fri, 17 Apr 2026 14:45:38 +0000 https://www.jit.io/resources/appsec-tools/trufflehog-a-deep-dive-on-secret-management-and-how-to-fix-exposed-secrets https://www.jit.io/resources/appsec-tools/trufflehog-a-deep-dive-on-secret-management-and-how-to-fix-exposed-secrets TruffleHog: Deep Dive on Secret Management (Jit) Secrets & Credential Leaks Fri, 17 Apr 2026 14:45:08 +0000 https://www.gitguardian.com/comparisons/trufflehog-v3 https://www.gitguardian.com/comparisons/trufflehog-v3 TruffleHog Open Source v3 vs GitGuardian Secrets & Credential Leaks Fri, 17 Apr 2026 14:45:07 +0000 https://github.com/padok-team/git-secret-scanner https://github.com/padok-team/git-secret-scanner git-secret-scanner: Find secrets with TruffleHog & Gitleaks Secrets & Credential Leaks Fri, 17 Apr 2026 14:45:06 +0000 https://appsecsanta.com/sast-tools/gitleaks-vs-trufflehog https://appsecsanta.com/sast-tools/gitleaks-vs-trufflehog Gitleaks vs TruffleHog 2026 Benchmarks (AppSec Santa) Secrets & Credential Leaks Fri, 17 Apr 2026 14:45:06 +0000 https://rafter.so/blog/secrets/secret-scanning-tools-comparison https://rafter.so/blog/secrets/secret-scanning-tools-comparison Rafter: detect-secrets vs gitleaks vs TruffleHog Secrets & Credential Leaks Fri, 17 Apr 2026 14:45:05 +0000 https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_identities_secrets.html https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_identities_secrets.html SEC02-BP03 Store and use secrets securely (AWS Well-Architected) Secrets & Credential Leaks Fri, 17 Apr 2026 14:45:04 +0000 https://sedai.io/blog/manage-secrets-aws-secrets-manager https://sedai.io/blog/manage-secrets-aws-secrets-manager AWS Secrets Manager: Secure Credential Storage & Best Practices Secrets & Credential Leaks Fri, 17 Apr 2026 14:45:03 +0000 https://aws.amazon.com/blogs/security/practical-steps-to-minimize-key-exposure-using-aws-security-services/ https://aws.amazon.com/blogs/security/practical-steps-to-minimize-key-exposure-using-aws-security-services/ Practical steps to minimize key exposure using AWS Security (AWS) Secrets & Credential Leaks Fri, 17 Apr 2026 14:45:03 +0000 https://www.dspmguides.com/guides/fix-exposure-of-api-keys-secrets-tokens-aws/ https://www.dspmguides.com/guides/fix-exposure-of-api-keys-secrets-tokens-aws/ AWS API Keys / Secrets / Tokens Exposure Remediation Secrets & Credential Leaks Fri, 17 Apr 2026 14:45:02 +0000 https://dev.to/mark_mwendia_0298dd9c0aad/integrating-hashicorp-vault-with-kubernetes-for-secure-secrets-management-1gn9 https://dev.to/mark_mwendia_0298dd9c0aad/integrating-hashicorp-vault-with-kubernetes-for-secure-secrets-management-1gn9 Integrating HashiCorp Vault with Kubernetes for Secrets Mgmt Secrets & Credential Leaks Fri, 17 Apr 2026 14:45:01 +0000 https://www.plural.sh/blog/hashicorp-vault-kubernetes-guide/ https://www.plural.sh/blog/hashicorp-vault-kubernetes-guide/ HashiCorp Vault Kubernetes: The Definitive Guide (Plural) Secrets & Credential Leaks Fri, 17 Apr 2026 14:45:00 +0000 https://medium.com/@muppedaanvesh/a-hand-on-guide-to-vault-in-kubernetes-%EF%B8%8F-1daf73f331bd https://medium.com/@muppedaanvesh/a-hand-on-guide-to-vault-in-kubernetes-%EF%B8%8F-1daf73f331bd A Hands-On Guide to Vault in Kubernetes Secrets & Credential Leaks Fri, 17 Apr 2026 14:44:59 +0000 https://www.infracloud.io/blogs/kubernetes-secrets-hashicorp-vault/ https://www.infracloud.io/blogs/kubernetes-secrets-hashicorp-vault/ Securing Kubernetes Secrets with HashiCorp Vault (InfraCloud) Secrets & Credential Leaks Fri, 17 Apr 2026 14:44:59 +0000 https://developer.hashicorp.com/vault/tutorials/kubernetes-introduction/vault-secrets-operator https://developer.hashicorp.com/vault/tutorials/kubernetes-introduction/vault-secrets-operator Manage Kubernetes native secrets with Vault Secrets Operator Secrets & Credential Leaks Fri, 17 Apr 2026 14:44:58 +0000 https://docs.gitlab.com/user/application_security/secret_detection/ https://docs.gitlab.com/user/application_security/secret_detection/ Secret detection (GitLab Docs) Secrets & Credential Leaks Fri, 17 Apr 2026 14:44:57 +0000 https://github.blog/changelog/2025-03-04-find-secrets-in-your-organization-with-the-secret-risk-assessment/ https://github.blog/changelog/2025-03-04-find-secrets-in-your-organization-with-the-secret-risk-assessment/ Find secrets with GitHub secret risk assessment Secrets & Credential Leaks Fri, 17 Apr 2026 14:44:56 +0000 https://docs.github.com/code-security/secret-scanning/about-secret-scanning https://docs.github.com/code-security/secret-scanning/about-secret-scanning About secret scanning (GitHub Docs) Secrets & Credential Leaks Fri, 17 Apr 2026 14:44:56 +0000 https://www.nodejs-security.com/blog/do-not-use-secrets-in-environment-variables-and-here-is-how-to-do-it-better https://www.nodejs-security.com/blog/do-not-use-secrets-in-environment-variables-and-here-is-how-to-do-it-better Do Not Use Secrets in Environment Variables Secrets & Credential Leaks Thu, 16 Apr 2026 21:04:38 +0000 https://developer.cyberark.com/blog/environment-variables-dont-keep-secrets-best-practices-for-plugging-application-credential-leaks/ https://developer.cyberark.com/blog/environment-variables-dont-keep-secrets-best-practices-for-plugging-application-credential-leaks/ Environment Variables Don't Keep Secrets Secrets & Credential Leaks Thu, 16 Apr 2026 21:04:37 +0000 https://www.knostic.ai/blog/claude-cursor-env-file-secret-leakage https://www.knostic.ai/blog/claude-cursor-env-file-secret-leakage From .env to Leakage: Mishandling of Secrets by Coding Agents Secrets & Credential Leaks Thu, 16 Apr 2026 21:04:36 +0000 https://apiiro.com/blog/secret-detection-in-application-security/ https://apiiro.com/blog/secret-detection-in-application-security/ Secret Detection in Application Security Secrets & Credential Leaks Thu, 16 Apr 2026 21:04:36 +0000 https://www.helpnetsecurity.com/2026/04/14/gitguardian-ai-agents-credentials-leak/ https://www.helpnetsecurity.com/2026/04/14/gitguardian-ai-agents-credentials-leak/ 29 Million Leaked Secrets: How AI Coding Tools Are Making It Worse Secrets & Credential Leaks Thu, 16 Apr 2026 21:04:35 +0000 https://www.gitguardian.com/state-of-secrets-sprawl-report-2026 https://www.gitguardian.com/state-of-secrets-sprawl-report-2026 The State of Secrets Sprawl 2026 - GitGuardian Annual Report Secrets & Credential Leaks Thu, 16 Apr 2026 21:04:34 +0000 https://blog.gitguardian.com/terraform-secrets-management/ https://blog.gitguardian.com/terraform-secrets-management/ Terraform Secrets Management Best Practices Secrets & Credential Leaks Sat, 11 Apr 2026 16:48:43 +0000 https://docs.aws.amazon.com/rolesanywhere/latest/userguide/workload-identities.html https://docs.aws.amazon.com/rolesanywhere/latest/userguide/workload-identities.html AWS IAM Roles Anywhere Workload Identities Secrets & Credential Leaks Sat, 11 Apr 2026 16:48:42 +0000 https://external-secrets.io/ https://external-secrets.io/ External Secrets Operator: Introduction Secrets & Credential Leaks Sat, 11 Apr 2026 16:48:42 +0000 https://www.tenable.com/security/research/tra-2025-52 https://www.tenable.com/security/research/tra-2025-52 Google Cloud SIEM Service Account Token Leak Secrets & Credential Leaks Sat, 11 Apr 2026 16:48:41 +0000 https://www.groundcover.com/learn/security/secret-rotation-how-it-works-challenges-best-practices https://www.groundcover.com/learn/security/secret-rotation-how-it-works-challenges-best-practices Secret Rotation: How It Works Secrets & Credential Leaks Sat, 11 Apr 2026 16:48:40 +0000 https://secrets-store-csi-driver.sigs.k8s.io/topics/secret-auto-rotation https://secrets-store-csi-driver.sigs.k8s.io/topics/secret-auto-rotation Secret Auto Rotation with Secrets Store CSI Driver Secrets & Credential Leaks Sat, 11 Apr 2026 16:48:39 +0000 https://www.codecentric.de/en/knowledge-hub/blog/secretless-connections-from-github-actions-to-aws-using-oidc https://www.codecentric.de/en/knowledge-hub/blog/secretless-connections-from-github-actions-to-aws-using-oidc Secretless GitHub Actions to AWS via OIDC Secrets & Credential Leaks Sat, 11 Apr 2026 16:48:38 +0000 https://docs.github.com/en/actions/concepts/security/openid-connect https://docs.github.com/en/actions/concepts/security/openid-connect OIDC Security Hardening for GitHub Actions Secrets & Credential Leaks Sat, 11 Apr 2026 16:48:37 +0000 https://sjramblings.io/secure-your-secrets-best-practices-for-hardening-hashicorp-vault-in-production/ https://sjramblings.io/secure-your-secrets-best-practices-for-hardening-hashicorp-vault-in-production/ Hardening HashiCorp Vault Best Practices Secrets & Credential Leaks Sat, 11 Apr 2026 16:48:37 +0000