How the Trivy supply chain attack harvested credentials from secrets managers
8 hours ago
- #supply-chain-attack
- #secrets-management
- #security-vulnerability
- The supply chain attack on Trivy involved injecting credential-harvesting malware into the official release binary, which exfiltrated plaintext API keys from environment variables without detection.
- Traditional secrets managers (e.g., Vault, AWS Secrets Manager) are vulnerable because, at runtime, they hand the retrieved API key to the workload as a plaintext environment variable, so any compromised tool running in that environment can read it.
- VaultProof prevents such attacks by splitting each API key into cryptographic shares that are stored separately, so the full key never exists as plaintext in the runtime environment and harvesting that environment yields nothing usable.
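- The contrast between the two layouts above, as an added illustration that is not VaultProof's code and makes no claim about its actual scheme: a 2-of-2 XOR split is assumed as the sharing method, `ShareHolder` stands in for whatever separate trust domain keeps the second share, and the environment dictionaries are constructed sample data.

```python
# Added illustration: plaintext key in the environment vs. one share in the
# environment. XOR (one-time-pad) 2-of-2 sharing is assumed here; names are
# illustrative and not the API of any real product.
import hashlib
import hmac
import secrets


def split_key(key: bytes) -> tuple[bytes, bytes]:
    """Split `key` into two shares. Each share alone is uniformly random,
    so reading one share (e.g. from a process environment) reveals nothing."""
    share_a = secrets.token_bytes(len(key))
    share_b = bytes(k ^ a for k, a in zip(key, share_a))
    return share_a, share_b


def combine(share_a: bytes, share_b: bytes) -> bytes:
    """Recover the key from both shares (XOR is its own inverse)."""
    return bytes(a ^ b for a, b in zip(share_a, share_b))


class ShareHolder:
    """Simulated second trust domain (separate service or host) holding share_b.
    It performs the authenticated operation and returns only the result, so the
    calling tool's runtime never receives the assembled key. (Simplification:
    the holder still assembles it; a threshold scheme would avoid even that.)"""

    def __init__(self, share_b: bytes) -> None:
        self._share_b = share_b

    def sign(self, share_a: bytes, message: bytes) -> str:
        key = combine(share_a, self._share_b)
        return hmac.new(key, message, hashlib.sha256).hexdigest()


def full_key_present(env: dict[str, str], key: bytes) -> bool:
    """Defender check: does any environment value equal the complete key (hex)?
    An environment dump by a compromised tool exposes exactly these strings."""
    return any(v == key.hex() for v in env.values())


def demo(key: bytes, message: bytes) -> dict[str, bool]:
    # Traditional layout: the secrets manager injected the full key into the env.
    env_plain = {"API_KEY": key.hex()}
    # Split layout: the tool's env carries only share_a; share_b lives elsewhere.
    share_a, share_b = split_key(key)
    env_split = {"API_KEY_SHARE": share_a.hex()}
    holder = ShareHolder(share_b)
    sig = holder.sign(bytes.fromhex(env_split["API_KEY_SHARE"]), message)
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return {
        "plain_env_leaks_key": full_key_present(env_plain, key),
        "split_env_leaks_key": full_key_present(env_split, key),
        "signature_valid": hmac.compare_digest(sig, expected),
    }
```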