Overview
Explore the security vulnerabilities and misconceptions surrounding GitHub Actions secrets in this 22-minute conference talk. Learn about the non-intuitive security model of GitHub Actions secrets and discover why many organizations have a false sense of security when relying on repository and organization-level secrets for CI/CD pipeline protection. Examine the three types of secrets in GitHub Actions - organization, repository, and environment - along with their respective protections and limitations. Understand how misconfigurations create hidden security risks and discover more robust approaches using environments and environment protection rules. Investigate OpenID Connect (OIDC) for cloud authentication as an alternative to long-lived secrets, while learning about potential misconfigurations and how environment-based protections can mitigate risks. Gain practical strategies for better protecting cloud permissions in CI/CD pipelines, whether securing sensitive credentials or refining OIDC configurations, with actionable defenses designed to maintain security at scale.
Syllabus
Not So Secret: The Hidden Risks of GitHub Actions Secrets
Taught by
fwd:cloudsec