Security writeups, engineering deep-dives, and practical guides from the team building SikkerKey.
A practical guide to CI/CD secrets management: why provider-level secrets are not enough, how ephemeral runners change the threat model, and how SikkerKey uses short-lived machine identity, per-secret grants, signed requests, and audit logs to secure build pipelines.
