undefined | Better HN

story

0 pointsmifix10y ago0 comments

What you are describing is how to remove _access_ to the secret. The issue here is, that the former employee still has _knowledge_ of the secret. Hence you have to rotate the secret.

0 comments

tptacek10y ago

Plenty of companies choose to accept the risk that an employee might have memorized a secret, but not accept the risk that the employee's secret-encrypting-key might leak at any point for the lifetime of the repository.

Obviously, nothing you do w/r/t secret storage is going to resolve the problem of what's in your employees' heads.

j / k navigate · click thread line to collapse

0 comments

tptacek10y ago

Obviously, nothing you do w/r/t secret storage is going to resolve the problem of what's in your employees' heads.

j / k navigate · click thread line to collapse