Better HN
0 points
orphea
9mo ago
How is a client cert not another glorified static password? It would have been stolen from repo secrets the same way.
1 comments · 1 top-level
pabs3
9mo ago
You don't store them in repos on disk, but in an HSM so they can't be stolen, and then you protect signing access to them based on service/process information.