Product Security Knowledge Base

Secrets Anti-Patterns Review Checklist

  • Any secrets in Git, images, Terraform state, Helm values, CI variables, or support bundles?
  • Any long-lived cloud keys where workload identity or OIDC federation is available?
  • Any shared secrets reused across environments or services?
  • Any plaintext secrets logged, traced, or dumped in error output?
  • Any backup archives stored without encryption or without key separation?
  • Are the rotation owner, cadence, overlap window, and rollback path documented?
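
One way to automate three of the checks above (plaintext secrets in config, long-lived cloud keys, and reuse across environments) is sketched below as an added example, not part of the original checklist. The per-environment dictionaries are constructed sample data standing in for parsed Helm values or CI variables, the key-name heuristic is an assumption, and the `AKIA` prefix is the one AWS uses for long-term access key IDs (the sample value is AWS's documentation placeholder).

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

# Constructed sample data: parsed Helm values / CI variables per environment.
SAMPLE_CONFIGS = {
    "dev": {"db": {"password": "hunter2-constructed"},
            "aws": {"access_key_id": "AKIAIOSFODNN7EXAMPLE"}},
    "prod": {"db": {"password": "hunter2-constructed"},
             "api": {"token": "prod-only-constructed"}},
}

# Assumed heuristic for secret-bearing key names; tune to your own schemas.
SECRET_NAME = re.compile(r"(password|passwd|secret|token|api[_-]?key|private[_-]?key)", re.I)
AWS_LONG_LIVED_KEY = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
RUN_KEY = os.urandom(32)  # per-run HMAC key so fingerprints cannot be brute-forced offline

def walk(node, path=""):
    """Yield (dotted_path, value) for every string leaf in nested dicts/lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else str(key))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def fingerprint(value):
    """Keyed digest used only to group equal values; the secret itself is never reported."""
    return hmac.new(RUN_KEY, value.encode(), hashlib.sha256).hexdigest()[:12]

def review(configs):
    """Return (finding_kind, environment(s), location_or_fingerprint) tuples."""
    findings, seen = [], defaultdict(set)
    for env, cfg in configs.items():
        for path, value in walk(cfg):
            if AWS_LONG_LIVED_KEY.search(value):
                findings.append(("long-lived-cloud-key", env, path))
            if SECRET_NAME.search(path) and value:
                findings.append(("plaintext-secret", env, path))
                seen[fingerprint(value)].add(env)
    for fp, envs in seen.items():
        if len(envs) > 1:  # same secret value present in more than one environment
            findings.append(("reused-across-environments", ",".join(sorted(envs)), fp))
    return findings
```

Findings carry only the location or a keyed fingerprint, so the report itself does not become another place where plaintext secrets are logged.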