lawndoc.cjmay.info
30 posts 56 followers 85 following
Regular Contributor
Active Commenter
comment in response to post
My coworkers and I bring this one back up at least twice a year
comment in response to post
I see. Another thing you could look into is Infisical, which is a pretty intuitive self-hosted secret manager. I just wrote a blog post for them that shows how to set it up and use their CLI for just-in-time ENV injection, which works if you're manually running commands: infisical.com/blog/self-ho...
comment in response to post
Not sure what you're working with, but most CI platforms are able to issue short-lived JWTs to jobs that securely attest what the job is, so you can federate access with OIDC. Might be worth looking into if you haven't already. Or it might not be possible, as you said, without platform support.
comment in response to post
Have you tried using OIDC auth to access the vault with a machine identity? IMO that's the best solution to the "recursive secrets" problem
comment in response to post
Elastic blog by Ruben Groenewoud: www.elastic.co/security-lab...
comment in response to post
It's so easy to use, our high school intern with zero previous Linux experience has been able to use it in our lab to document what we detect and what our gaps are. It's been a great project for him to learn about Linux and detection engineering.
comment in response to post
bsky.app/profile/lawn...
comment in response to post
The hardest part of writing this blog post is to not sound like I'm vomiting buzzwords like an auditor who pretends to understand how security works
comment in response to post
Accurate 😂 and optionally buy a domain
comment in response to post
And lots of times things get re-invented
comment in response to post
Nothing is "old school" if it still works 🤷
comment in response to post
Really appreciate the content and tooling you contribute to the community. Congrats on 5 years!
comment in response to post
I worry what it will do to entry level positions, which will in turn raise the bar for someone to get a job that can't be automated with AI agents. I agree that there will always need to be qualified human oversight, but how do those people get trained?
comment in response to post
I think the difference between authn and authz in general is commonly misunderstood
comment in response to post
"trust, but verify" 💯
comment in response to post
That darn #OST
comment in response to post
Sneak peek: securityrunners.io/post/beyond-...
comment in response to post
"Now every time our users ask Copilot a question, they roll the dice hoping they don't use a magic word that injects the wrong paid ad into their context window. We should have shut that down when Google started putting ransomware in our search results. Now look what we have to deal with." (2/2)
comment in response to post
Welcome!
comment in response to post
Definitely @nathanmcnulty.com, especially if your company is all in on Microsoft