https://a-cup-of.coffee/tags/zero-trust/Recent content in Zero-Trust on A cup of coffeeHugoenCopyright © 2026Sat, 02 May 2026 09:37:14 +0200https://a-cup-of.coffee/blog/kloak/Sat, 02 May 2026 08:00:00 +0200https://a-cup-of.coffee/blog/kloak/When an application gets breached, the first thing an attacker will do is exfiltrate whatever data they can reach. From customer data to authentication tokens, secrets are target number one (goodbye to your GitHub PATs, your Slack bots in #general channels, your Mailchimp tokens, OpenAI keys, and so on). You’ll have to revoke everything, assuming the attacker already had access. When thinking about secret management, you think of OpenBao, External Secrets Operator, or sidecars that inject secrets — it works, but the application still ends up with the secret content in memory (and so does an attacker who compromises it).