Why Removing a Secret From Git Does Not Actually Remove It — and What That Means for Storage
A developer puts a database password in a config file, commits it to the repository, and moves on. The password is now in version control permanently — not just in the current state, but in every commit that follows, every clone ever made, every fork that existed before the file was removed. Deleting the file does not remove it. The only remediation is a destructive history rewrite that most teams never complete. That is one storage decision, made in thirty seconds, with a consequence that may never fully go away. How secrets get stored determines not just who can access them today but who might reach them at any point in the future.
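The point above, as an added example that is not part of the original page: a shell script that commits a constructed secret to a throwaway repository, deletes the file, and then checks that the value is gone from the working tree but still recoverable from history. The file name `config.ini`, the secret value and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: constructed repository and constructed (not real) secret.
SECRET='db_password=EXAMPLE-constructed-not-real'

# Create a throwaway repo where the secret is committed and then "removed".
build_demo_repo() {
    repo=$(mktemp -d)
    (
        cd "$repo" || exit 1
        git init -q .
        git config user.name demo
        git config user.email demo@example.invalid
        git config commit.gpgsign false
        printf '%s\n' "$SECRET" > config.ini
        git add config.ini && git commit -q -m 'add config'
        git rm -q config.ini && git commit -q -m 'remove config'
    ) >/dev/null 2>&1
    printf '%s\n' "$repo"
}

# Succeeds only if the string is present in currently tracked files.
in_working_tree() {   # args: repo needle
    git -C "$1" grep -q -F -e "$2"
}

# Commits on any ref whose diff added or removed the string (pickaxe search).
commits_touching() {  # args: repo needle
    git -C "$1" log --all --format=%h -S"$2"
}

# Print the file as it was in the oldest commit that touched the path.
recover_from_history() {  # args: repo path
    first=$(git -C "$1" rev-list --all --reverse -- "$2" | head -n 1)
    git -C "$1" show "$first:$2"
}

repo=$(build_demo_repo)
in_working_tree "$repo" "$SECRET" || echo "working tree: secret not present"
echo "commits touching secret: $(commits_touching "$repo" "$SECRET" | wc -l)"
echo "recovered from history: $(recover_from_history "$repo" config.ini)"
rm -rf "$repo"
```

The same `commits_touching` search, run against a real repository with the leaked value, lists the commits a history rewrite would have to cover; every existing clone and fork still holds them.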
This video maps the full storage spectrum — from plaintext in repositories at the weak end, through environment variables and their widely misunderstood security properties, to dedicated secrets managers and the specific failure mode they introduce. Environment variables relocate secrets rather than protecting them, and in containerised environments with logging agents and observability tooling, secrets passed as environment variables routinely arrive in log aggregation systems whose access controls are far looser than the application. This pattern — a secret moving from a controlled location into a less controlled one through infrastructure doing exactly what it was designed to do — is consistent enough across real breaches to have a name: secret laundering.
The secret zero problem introduced here — every secrets manager requires a first credential that must itself be protected — runs through the rest of the series as a reminder that every abstraction shifts the problem rather than eliminating it. The question worth carrying out of this video is not where a secret is stored, but everywhere it has ever been — and whether any of those places have access controls that match what the secret actually protects.
Video "Why Removing a Secret From Git Does Not Actually Remove It — and What That Means for Storage" from the channel Security Explained
Video information
April 22, 2026, 14:00:32
00:07:16