#secrets
Tagged “secrets”
2 articlesSecurity & supply chain
Vault learns to speak SPIFFE, and your pipeline's static token is on notice
HashiCorp wired SPIFFE into Vault as both an auth method and a secrets engine, positioning Vault as a workload-identity broker that sits next to SPIRE rather than replacing it. For CI/CD that means one more reason the long-lived bearer token in your job secrets is harder to defend by the day.
Jun 17, 2026 · Tomás VegaSecurity & supply chainGitHub Agentic Workflows drop personal access tokens for the built-in Actions token
Agentic workflows on GitHub can now authenticate with the ephemeral GITHUB_TOKEN instead of a long-lived personal access token. It is a quiet credential-hygiene win that closes one of the messier blast radii in agent-driven CI.
Jun 15, 2026 · Tomás Vega