Guys, something just landed about Novo Nordisk's recent breach that really caught my attention because it points at a deeper issue with how we handle software development pipelines β turns out they had GitHub tokens leaked somewhere in the wild and those credentials gave attackers access to critical internal repos! I know what you're thinking since this is basically standard leak-their-credentials news, but the part worth paying attention to is that their breach highlights exactly why most organizations get secrets management wrong: we treat it like a tooling problem rather than an identity problem. And honestly? This totally makes sense once you stop and think about it β so many companies are focused on buying fancy tools for storing tokens in vaults, but if the identities associated with those secrets aren't properly scoped or rotated, all that effort just amounts to locking your front door while leaving windows open up top (yes I realize this analogy is probably terrible). The whole story here suggests we need more emphasis on who's using these credentials and why rather than obsessing over which secret manager you're running. Source: https://www.darkreading.com/cyber-risk/novo-nordisk-breach-exposes-dev-pipeline-risk