Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's also problematic from a secrets management perspective, because a big part of the perceived value of encryption is being able to check secrets into git. But because the encryption is tied to long-term keys, you have to design your security processes with the assumption that those keys will eventually be exposed and need to be "revoked" (ie: the secrets re-encrypted), and the "de-revocation" of those keys is hiding in your git history.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: