EPISODE · May 27, 2026 · 52 MIN

SE Radio 722: Dwayne McDaniel on the Engineering Challenges of Secrets Management

from Software Engineering Radio - The Podcast for Professional Software Developers · host SE Radio

Dwayne McDaniel, developer advocate at GitGuardian.com, joins host Priyanka Raghavan to talk about the engineering challenges of secrets management. They explore what "secrets" really are in modern systems—far beyond passwords—including API keys, tokens, certificates, and machine identities, and how "secret sprawl" emerges across the SDLC. Drawing on reports from GitGuardian and Verizon, they discuss the growing scale of secret leaks and why credential abuse and phishing remain dominant attack vectors. They examine common leak points—from code repos and logs to CI/CD pipelines, containers, and SaaS integrations—and how cloud, DevOps, and AI tooling are amplifying risks. Priyanka quizzes Dwayne about recent supply chain attacks in the PyPI and Trivy ecosystems, highlighting recurring root causes like poor access control, long-lived credentials, and weak security hygiene. Finally, they consider detection, response, and modern solutions—short-lived credentials, secret scanning, and identity-based approaches like OWASP NHIR and SPIFFE/SPIRE—ending with practical advice for engineers to reduce blast radius and design for secure secret lifecycle management.
