Non-Human Identity
Identity Access Management Strategy for Non-Human Identities
Build an identity and access management strategy for non-human identities. Secure service accounts, workloads, and machine identities in the cloud.
MOST POPULAR
all tags
other
How Cybercriminal Organizations Weaponize Exposed Secrets
The threat GitGuardian has long-anticipated is now a reality: criminal groups are executing systematic attacks targeting hardcoded credentials and over-permissive IAM configurations. The situation escalated when Shiny Hunters and Crimson Collective formed an alliance to coordinate efforts.
Terraform Secrets Management Best Practices: Secret Managers and Ephemeral Resources
In this blog, we will explore Terraform secrets management best practices, ephemeral resources, and some examples of securely orchestrating AWS infrastructure with AWS Secrets Manager.
DevOps Days Philadelphia 2025: Security As A Control Loop, Resilience, Runtime Risks, And How AI Is Changing It
DevOpsDays Philadelphia 2025 showed how AI governance, secrets security, runtime traces, and ablative resilience work together to reduce operational risk.
Red Hat GitLab Data Breach: The Crimson Collective's Attack
This breach exposed 570GB of data from 28,000 repositories, affecting 800+ organizations. Crimson Collective leaked Customer Engagement Reports containing credentials, API keys, and infrastructure details from major enterprises.
Security Lessons For All From GitHub's Hardened Package Publication For npm
GitHub is hardening npm publishing rules but the underlying lessons can be applied by all developers: WebAuthn for writes, OIDC, and short-lived least-privilege credentials.
How to Handle Secrets in CI/CD Pipelines
Securely managing secrets within the CI/CD environment is super important. Mishandling secrets can expose sensitive information, potentially leading to unauthorized access, data breaches, and compromised systems.
How to Use NHI Governance as Your Central Dashboard to Monitor AWS IAM
Let's have a look at how to integrate NHI Governance with AWS IAM to get detailed security insights into your dashboard.
OWASP AppSec Days France 2025: Learning To Defend The Global Supply Chain Together
OWASP AppSecDays France 2025 explored supply chain trust, CI/CD as the new perimeter and passkeys, showing how shared guardrails make secure delivery possible.
GitGuardian Introduces One-Click Secret Revocation to Accelerate Incident Response
Secure your secrets with GitGuardian's new one-click revocation. Instantly neutralize exposed secrets to close the attack window and automate your incident response.
Who Governs Your NHIs? The Challenge of Defining Ownership in Modern Enterprise IT
Learn how to shift the conversation from "who’s to blame" to "who has context" in managing non-human identities across modern enterprise IT infrastructure.
Detect Secrets in GitLab CI Logs using ggshield and Bring Your Own Source
Discover how to automatically detect secrets in GitLab CI logs using ggshield and GitGuardian's Bring Your Own Source initiative. Learn to set up real-time scanning to prevent credential leaks, enhance compliance, and secure your entire CI/CD pipeline from hidden risks.
Shai-Hulud: A Persistent Secret Leaking Campaign
On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The attack scenario was similar to the one used in the s1ngularity and GhostActions campaigns. The threat actors combined a local environment secrets extraction
