
End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities

At the heart of every application are secrets: the credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and account for most of the secrets we need to worry about. According to CyberArk's recent research, 93% of organizations had two or more identity-related breaches in the past year. Clearly we need to address this growing issue. It is also clear that many organizations are comfortable keeping plaintext credentials for these identities in private repos, trusting that they will stay private. Poor hygiene in private code leads to public leaks, however, as the news shows all too often.

Given the scope of the problem, what can we do? What we really need is a change in our processes, especially around how machine identities are created, stored, and worked with. Fortunately, there is a clear path forward: combine existing secrets management solutions with secret detection and remediation tools, while meeting developers where they are.

Making an end-to-end secrets security game plan

When we think about remediating the machine identity problem, also known as secrets sprawl, we can state it in a couple of sentences: "We have an unknown number of valid, long-lived plaintext secrets spread throughout our code, configurations, CI pipelines, project management systems, and other sources, which we cannot account for and for which we have no coherent rotation strategy. Meanwhile,…Read More
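The "secret detection" half of that plan is easy to describe and worth seeing concretely. Below is a small, added example (written for this page, not code from the original post or from any vendor's product) of how a detector finds plaintext credentials in source lines: a few regex rules for well-known formats, plus a generic "keyword = value" rule that is gated on Shannon entropy and a placeholder check so that `changeme` and `${CI_TOKEN}` do not drown real findings in noise. The rules, thresholds and sample lines are all constructed for illustration; the one real identifier, `AKIAIOSFODNN7EXAMPLE`, is the example access key ID from AWS's own documentation.

```python
import math
import re
from collections import Counter
from typing import Iterable, List, NamedTuple, Pattern, Tuple

# Hypothetical rule set for this example. Real scanners (gitleaks, TruffleHog,
# ggshield, etc.) ship hundreds of rules; the shape is the same. Each pattern
# captures the candidate secret in group 1.
RULES: List[Tuple[str, Pattern[str]]] = [
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("private-key-block",
     re.compile(r"(-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----)")),
    # keyword, then ':' or '=', then an unquoted/quoted literal of 8+ chars.
    ("generic-assignment",
     re.compile(r"(?i)(?:password|passwd|secret(?:[_-]?key)?|api[_-]?key|token)"
                r"\s*[:=]\s*[\"']?([^\"'\s]{8,})")),
]

# Values that look like references to a secret rather than the secret itself.
PLACEHOLDER_PREFIXES = ("${", "$(", "{{", "<", "os.environ", "process.env")

# Random-looking credentials have high per-character entropy; English words
# and obvious placeholders do not. 3.0 bits is a common starting point.
ENTROPY_THRESHOLD = 3.0


class Finding(NamedTuple):
    line_no: int
    rule: str
    preview: str  # first 4 chars only; never log the full secret


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def is_plausible_literal(value: str) -> bool:
    """Filter for the generic rule: drop references and low-entropy values."""
    if value.startswith(PLACEHOLDER_PREFIXES):
        return False
    return shannon_entropy(value) >= ENTROPY_THRESHOLD


def scan_lines(lines: Iterable[str]) -> List[Finding]:
    """Run every rule over every line and return redacted findings."""
    findings: List[Finding] = []
    for line_no, line in enumerate(lines, start=1):
        for rule, pattern in RULES:
            for match in pattern.finditer(line):
                value = match.group(1)
                if rule == "generic-assignment" and not is_plausible_literal(value):
                    continue
                findings.append(Finding(line_no, rule, value[:4] + "..."))
    return findings


# Constructed sample input: the kind of lines a scanner sees in a private repo.
SAMPLE_LINES = [
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",   # documented AWS example ID: flag
    'DB_PASSWORD = "Xk9#mPq2vL7$wR4nT8zB"',        # high-entropy literal: flag
    'password = "changeme"',                       # low-entropy placeholder: ignore
    'api_key = os.environ["API_KEY"]',             # indirection, not a literal: ignore
    "token: ${CI_TOKEN}",                          # templated reference: ignore
    "-----BEGIN RSA PRIVATE KEY-----",             # key material header: flag
    "# rotate secrets quarterly",                  # prose mention: ignore
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"line {f.line_no}: {f.rule} ({f.preview})")
```

Two design points carry over to any real deployment. First, the scanner reports a redacted preview, never the full value: a finding that lands in a ticket or CI log is itself a new copy of the secret. Second, a match is a lead, not a verdict; the remediation step the post goes on to describe (revoke, rotate, move into a secrets manager) is what actually closes the exposure, and a detector should be tuned so that its false-positive rate does not bury that work.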
