[HN Gopher] Driftwood: Know if private keys are sensitive
       ___________________________________________________________________
        
       Driftwood: Know if private keys are sensitive
        
       Author : orangepenguin
       Score  : 28 points
       Date   : 2021-11-08 20:45 UTC (2 hours ago)
        
 (HTM) web link (trufflesecurity.com)
 (TXT) w3m dump (trufflesecurity.com)
        
       | midasuni wrote:
       | This was flagged and marked dead at
       | https://news.ycombinator.com/item?id=29152572
       | 
       | Which is a shame, thanks for resubmitting
        
       | nijave wrote:
       | Why are there so many private keys in repos? It seems preferable
       | to just generate them when needed instead of risk one being
       | misused
        
         | riverdroid wrote:
         | Most private keys in Git repositories seem to be test data. But
         | why are those test private keys sometimes used for other
         | things? Probably just people lazily copying from ~/.ssh/idrsa
         | or copying to ~/.ssh/idrsa.
        
         | codetrotter wrote:
         | Committing private keys is definitely the wrong thing to do.
         | But if the system is talking to something, then generating new
         | keys won't help either. What you need is some kind of system to
         | deploy or retrieve secrets. There are various different
         | solutions that exist for this.
        
       ___________________________________________________________________
       (page generated 2021-11-08 23:00 UTC)