Overview
Explore the security vulnerabilities and misconceptions surrounding GitHub Actions secrets in this 22-minute conference talk. Learn about the non-intuitive security model of GitHub Actions secrets and discover why many organizations have a false sense of security when they rely on repository-level and organization-level secrets to protect their CI/CD pipelines. Examine the three types of secrets in GitHub Actions (organization, repository, and environment), along with the protections and limitations of each. Understand how misconfigurations create hidden security risks, and discover more robust approaches that use environments and environment protection rules. Investigate OpenID Connect (OIDC) for cloud authentication as an alternative to long-lived secrets, learn about the misconfigurations that can undermine it, and see how environment-based protections can mitigate those risks. Gain practical strategies for better protecting cloud permissions in CI/CD pipelines, whether by securing sensitive credentials or by refining OIDC configurations, with actionable defenses designed to maintain security at scale.
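As an added illustration of the approach the talk describes (this workflow is not part of the talk or its materials), the following GitHub Actions job binds a deployment to a protected `production` environment and uses OIDC to obtain short-lived cloud credentials instead of reading a long-lived key from a repository secret. The role ARN, the `deploy.sh` script, and the `DEPLOY_TOKEN` secret name are placeholders.

```yaml
# Added example (not from the talk): scope credentials to a protected
# environment and exchange an OIDC token for cloud credentials, rather than
# storing a long-lived cloud key as a repository or organization secret.
name: deploy

on:
  push:
    branches: [main]

# Default-deny for the GITHUB_TOKEN; each job requests only what it needs.
permissions:
  contents: read

jobs:
  deploy-prod:
    runs-on: ubuntu-latest
    # Binding the job to an environment is what (a) makes that environment's
    # secrets available to the job and (b) enforces the environment's
    # protection rules (required reviewers, deployment branch restrictions)
    # before any step runs. A repository-level secret has neither gate.
    environment: production
    permissions:
      id-token: write    # needed to request the OIDC token
      contents: read
    steps:
      - uses: actions/checkout@v4

      - name: Assume cloud role via OIDC (no stored cloud key)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # PLACEHOLDER role. Its trust policy should restrict the token's
          # `sub` claim to this repository AND this environment, i.e.
          #   repo:ORG/REPO:environment:production
          # A trust policy that only checks the repository lets any branch
          # or workflow in the repository assume the role.
          role-to-assume: arn:aws:iam::123456789012:role/PLACEHOLDER-deploy-role
          aws-region: us-east-1

      - name: Deploy using an environment-scoped secret
        run: ./deploy.sh    # placeholder script
        env:
          # Resolved from the `production` environment, so it is only
          # exposed after the environment's protection rules have passed.
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
```

Two checks worth making on an existing setup: confirm that cloud trust policies condition on the `sub` claim including the environment name (not just the repository), and confirm that secrets intended for production deployments are defined on the environment, since a secret defined at the repository or organization level is available to any workflow that can run in that repository regardless of environment rules.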
Syllabus
Not So Secret: The Hidden Risks of GitHub Actions Secrets
Taught by
fwd:cloudsec