Lab 54
Cloud Security

Secrets — Exposed vs Managed

Watch a database password leak through frontend JavaScript, a GitHub commit, a Docker image and a log line — then move it into a managed secret store, injected at runtime and rotated. See exactly where secrets escape.

Same database password, two worlds. Flip between bad practice and a managed secret store, and watch where the secret is exposed.
🖥️ Frontend JavaScript: EXPOSED
const DB_PASS = "Pr0d$3cr3t!v1"
🐙 GitHub repo (config.js): EXPOSED
DB_PASS=Pr0d$3cr3t!v1
🐳 Docker image: EXPOSED
ENV DB_PASS=Pr0d$3cr3t!v1
📜 Application logs: EXPOSED
connecting to DB with Pr0d$3cr3t!v1
🚨 The password is sitting in the browser bundle, the git history, the image layers AND the logs. Four copies, all permanent. Rotating it means hunting down every copy.
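An added example, not part of the lab's own code: a small Python scanner that hunts for the four copies shown above. It uses a name-based rule for hardcoded assignments and a known-value search for the retired password, which is the only way to catch the log line. The artifact file names, the regex rule and the function names are assumptions made for illustration.

```python
import re

# Constructed sample artifacts mirroring the four exposure points in this lab,
# plus one managed-style line that only references the runtime environment.
ARTIFACTS = {
    "bundle.js": 'const DB_PASS = "Pr0d$3cr3t!v1"',
    "config.js": "DB_PASS=Pr0d$3cr3t!v1",
    "Dockerfile": "ENV DB_PASS=Pr0d$3cr3t!v1",
    "app.log": "connecting to DB with Pr0d$3cr3t!v1",
    "app_managed.js": "const DB_PASS = process.env.DB_PASS",
}

# Hypothetical rule: a secret-looking name assigned a literal of 8+ characters.
ASSIGNMENT = re.compile(
    r"""\b(?P<name>\w*(?:PASS|SECRET|TOKEN|KEY)\w*)\s*[=:]\s*
        (?P<quote>["']?)(?P<value>[^\s"']{8,})(?P=quote)""",
    re.IGNORECASE | re.VERBOSE,
)
# Values that point at runtime injection rather than embedding the secret.
REFERENCE = re.compile(r"(process\.env\.|os\.environ|\$\{?\w+\}?$)")


def scan(artifacts, retired_secret=None):
    """Return {artifact: reason} for every artifact that exposes a secret."""
    findings = {}
    for name, text in artifacts.items():
        for m in ASSIGNMENT.finditer(text):
            if not REFERENCE.match(m.group("value")):
                findings[name] = f"literal assigned to {m.group('name')}"
        # During rotation the old value is known, so search for it directly;
        # this catches copies with no variable name next to them (log lines).
        if retired_secret and name not in findings and retired_secret in text:
            findings[name] = "contains retired secret value"
    return findings


def redact(line, secret):
    """Mask the secret before a line reaches the log sink."""
    return line.replace(secret, "[REDACTED]")


if __name__ == "__main__":
    for artifact, reason in scan(ARTIFACTS, "Pr0d$3cr3t!v1").items():
        print(f"{artifact}: {reason}")
    print(redact(ARTIFACTS["app.log"], "Pr0d$3cr3t!v1"))
```

The name-based rule alone misses `app.log`, which is why a rotation sweep also needs the value search.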
What just happened