sphericth0r

joined 2 years ago
sorted by: new top controversial old
OpenAI: 'The New York Times Paid Someone to Hack Us' * TorrentFreak in c/technology@lemmy.world
[–] sphericth0r@kbin.social 1 points 1 year ago

Google be in trouble then

Disclosure of sensitive credentials and configuration in containerized deployments - ownCloud in c/selfhosted@lemmy.world
[–] sphericth0r@kbin.social 2 points 2 years ago (1 children)

It's probably best to look at what the devops industry is embracing, environment variables are as secure as any of the alternatives but poor implementations will always introduce attack vectors. Secret management stores require you to authenticate, which requires you to store the credential for it somewhere - no matter what there's no way to secure an insecure implementation of secrets access

Disclosure of sensitive credentials and configuration in containerized deployments - ownCloud in c/selfhosted@lemmy.world
[–] sphericth0r@kbin.social 1 points 2 years ago* (last edited 2 years ago)

That's just as insecure lol, env vars are far better