How is a client cert not another glorified static password? It would have been s... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		orphea 4 months ago \| parent \| context \| favorite \| on: Tinycolor supply chain attack post-mortem How is a client cert not another glorified static password? It would have been stolen from repo secrets the same way.

pabs3 4 months ago [–]

You don't store them in repos on disk, but in a HSM so they can't be stolen, and then you protect signing access to them based on service/process information.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact