The security team said yes: How a $300B deployed Claude agents across the enterprise →

TRY AEMBIT
TALK TO AN ENGINEER
Blog

Tag: Secrets

encryption keys vs access keys

Managing Encryption Keys vs. Access Keys

Modern infrastructure depends on keys: encryption and access. They’re not the same, and treating them the same quietly introduces risk.
Dan Kaplan
Apr 2026
|
6 min read
API Keys vs. JWTs: Choosing the Right Auth Method for Your API

API Keys vs. JWTs: Choosing the Right Auth Method for Your API

A developer needs to connect a service to an API. The documentation says to generate an API key, store it in an environment variable and pass it in a header. Five minutes later, the integration works.
Ashur Kanoon
Apr 2026
|
5 min read
Credentials insights from Verizon DBIR Report

Credential and Secrets Theft: Insights from the 2025 Verizon Data Breach Report

Stolen credentials remain the most common way attackers get in. The 2025 Verizon Data Breach Investigations Report, covering more than 22,000 security incidents and 12,000 confirmed breaches, makes the case plainly: credential abuse was the leading initial access vector for the second consecutive year.
Dan Kaplan
Apr 2026
|
5 min read
moving beyond static credentials

Moving Beyond Static Credentials in Cloud-Native Environments

Static credentials, like hardcoded API keys and embedded passwords, have long been a fixture of how workloads authenticate. But in distributed, cloud-native environments where services constantly spin up and down, these long-lived secrets have become a growing source of risk, operational friction and compliance failure.
Ashur Kanoon
Apr 2026
|
5 min read
Connectivity of boxes

Secrets Management vs. Access Management: What You Need to Know

When your team stores API keys in a vault and rotates them on a schedule, it feels like the access problem is handled.
Apurva Davé
Apr 2026
|
5 min read
Workload identity vs. workload access management

Workload Identity vs. Workload Access Management: Securing Cloud-Native Workloads in a Dynamic Environment

Workload identity proves who a workload is. Workload access management controls what it can do. Learn why separating them is critical for zero trust.
Dan Kaplan
Apr 2026
|
5 min read
Trivy gets breached and the secrets problem.

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload identity and access.
Apurva Davé
Mar 2026
|
5 min read
secret remediation best practices

Secret Remediation Best Practices: A Step-by-Step Guide

Secret remediation is the process of responding to an exposed credential by revoking it, rotating it and removing every trace of it from your environment.
Apurva Davé
Mar 2026
|
6 min read
Secrets management vs. secrets elimination

Secrets Management vs. Secrets Elimination: Where Should You Invest?

Most organizations still treat credentials as something that must be protected, stored, and rotated. But a second model is quietly reshaping how machine authentication works: eliminate static secrets altogether and authenticate workloads using identity and just-in-time access.
Dan Kaplan
Mar 2026
|
6 min read
The Ultimate Guide to MCP Security Vulnerabilities

The Ultimate Guide to MCP Security Vulnerabilities

SPIFFE focuses on who a workload is. It issues cryptographic identities to services and workloads so they can prove their authenticity to each other without relying on stored secrets. OAuth focuses on what a workload is allowed to do. It defines how access is delegated and controlled when one service needs to interact with another or call an external API.
Ashur Kanoon
Mar 2026
|
7 min read
Load More