12
HerrBadger
260d

More companies need to clamp down on hard-coding secrets. It’s not difficult to store them somewhere else, and there’s swathes of free tooling to stop you doing it in the first place.

Heck, set up a pre-commit hook. Link it to a shock collar.

Comments
  • 3
    The problem is the plethora inconsistent solutions by each and every company to verify identity.

    As a developer I am constantly being asked to login and prove my identity.

    Each developer tool, operating system, company I work for wants me to do it in a different way.

    Security theatre at it’s finest. I don’t have a solution because this is a societal, political problem and cannot be solved with a technical solution.

    I don’t think anyone wants governments verifying identity on the internet.
  • 1
    If our shock collars only support basic auth, we can just hard-code the creds in the yaml file, right?

    What's the worst that can happen?
  • 1
    They could just store in a file like .env, git ignore that file. Simple eh?
  • 1
    Now, you see, uh... git hooks need to be set up, as the individual step. But it's well besides the point: the universe will find even dumber ways for those incompetent to leak secrets.
Add Comment