https://news.ycombinator.com/user?id=luisfdiasHacker News RSShttps://hnrss.org/hnrss v2.1.1Wed, 22 Apr 2026 20:11:48 +0000+1 on vaults. One step further: credentials that never land in the runtime environment at all. App authenticates to a gateway via workload identity, gateway proxies the call, process never sees the secret. Makes env enumeration useless even with valid admin access (I work on an open-source tool in this space, so I'm biased).

]]>Wed, 22 Apr 2026 15:26:14 +0000https://news.ycombinator.com/item?id=47864982luisfdiashttps://news.ycombinator.com/item?id=47864982https://news.ycombinator.com/item?id=47864982