Dwayne McDaniel on the Engineering Challenges of Secrets and techniques Administration – Software program Engineering Radio

May 27, 2026

2

Dwayne McDaniel, developer advocate at GitGuardian.com, joins host Priyanka Raghavan to speak in regards to the engineering challenges of secrets and techniques administration. They discover what “secrets and techniques” actually are in fashionable techniques—far past passwords—together with API keys, tokens, certificates, and machine identities, and the way “secret sprawl” emerges throughout the SDLC. Drawing on stories from GitGuardian and Verizon, they focus on the rising scale of secret leaks and why credential abuse and phishing stay dominant assault vectors.

They look at widespread leak factors—from code repos and logs to CI/CD pipelines, containers, and SaaS integrations—and the way cloud, DevOps, and AI tooling are amplifying dangers. Priyanka quizzes Dwayne about current provide chain assaults from pyPi and trivy ecosystems, highlighting recurring root causes like poor entry management, long-lived credentials, and weak safety hygiene. Lastly, they take into account detection, response, and fashionable options—short-lived credentials, secret scanning, and identity-based approaches like OWASP NHIR and SPIFFE/SPIRE—ending with sensible recommendation for engineers to scale back blast radius and design for safe secret lifecycle administration.

Delivered to you by IEEE Pc Society and IEEE Software program journal.