Comment on Disney hack leads to 1.2TB of Slack communications leaked online
douglasg14b@lemmy.world 4 months agoDepends. Our engineering slack doesn’t contain secrets for a few reasons:
- Secret scanning
- We have a /secret bot that will take your secret, store it securely, and then present a GUI for each person with access to display that secret “for just that person”. And then after a set period of time it’s made inaccessible, and wiped from the infra.
- Training and knowledge transfer on secret security
MNByChoice@midwest.social 4 months ago
“Secret Bot” sounds great!
Custom in-house or off the shelf?
douglasg14b@lemmy.world 4 months ago
In house.
MNByChoice@midwest.social 4 months ago
Thank you. It sounds spectacular and well thought out. You must work with a great team.