Author here. Built VaultProof after analyzing the Trivy attack; the credential harvesting worked specifically because the keys existed as plaintext in the CI/CD environment after retrieval from the secrets manager. Happy to go deep on the Shamir architecture or the attack mechanics if useful.
Can you explain what this is please? "Exploits mutable Git tags and self-declared commit identity"
Why use a Shamir architecture at all, instead of giving the CI run an ephemeral token that will be exchanged on the proxy?