Credentials allow human-to-machine and machine-to-machine communication. According to recent research, 93% of organizations had two or more identity-related breaches in the past year. It is clear that we need to address this growing issue. Unfortunately, many organizations are OK with using plaintext credentials, which we should all know not to do by now.

These go beyond just adding these credentials to build systems and into our code. Secrets sprawl into our local scripts, communication tools, and project management tickets daily. Attackers know this and are counting on you not getting a handle on the problem by the time they break in.

Given the scope of the problem, what can we do? Let's make a plan!
- Secrets Detection
- Secrets Management
- Developer Workflows
- Secrets Scanning
- Automatic Rotation

By the end of this session, you should have a clear roadmap for taming the machine identity mess in your code and pipelines.