#31 Exposed – When Vault Becomes the Breach: Inside Cloud Secrets Heists
Episode 31 of The Identity Navigator podcast, hosted by Rohit Agnihotri, titled "#31 Exposed – When Vault Becomes the Breach: Inside Cloud Secrets Heists", was published on December 21, 2025 and runs 18 minutes.
December 21, 2025 · 18m · The Identity Navigator
Summary
In this episode of The Identity Navigator, I dig into how my favorite cloud secrets managers—AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, Kubernetes Secrets, and HashiCorp Vault—can quietly turn into an attacker’s jackpot when configuration, permissions, and monitoring fall behind. Using MITRE ATT&CK technique T1555.006 as my backbone, I walk through real-world campaigns like LUCR-3/Scattered Spider and SCARLETEEL, break down the full attack chain from leaked IaC and developer creds to mass secret harvesting, privilege escalation, and stealthy exfiltration, and show you exactly what to watch for in API activity, policy changes, and cloud-native logs. You’ll leave with practical playbooks for least-privilege design, secret rotation and vault hygiene, multi-cloud and Terraform hardening, and cloud red teaming with tools like Stratus Red Team—plus culture-first tactics to make “I made a mistake” a safe sentence so both human and machine identities stay out of the breach headlines.
www.linkedin.com/in/rohit-agnihotri