Posted by Miryam Brand
March 31, 2025
Recent high-profile breaches emphasize just how critical effective secrets management is, especially within cloud infrastructure and CI/CD pipelines. This post examines the Coinbase attack and provides actionable steps using Akeyless Secrets Management to prevent or significantly mitigate similar events.
The Coinbase Attack: Exploiting CI/CD Weaknesses
Coinbase recently suffered an attack targeting its GitHub repositories, exposing critical CI/CD secrets and other sensitive data.
How Did the Attack Occur?
Attackers infiltrated Coinbase’s GitHub environment, revealing secrets embedded within CI/CD processes. These improperly managed secrets, often stored in plaintext or inadequately secured, enabled attackers to potentially modify code, inject malicious software, or access confidential infrastructure.
The Impact
Exposing CI/CD secrets significantly jeopardizes system integrity, enabling unauthorized code deployments, malware injection, and data exfiltration. Coinbase’s attack exposed critical vulnerabilities in the company’s development workflows, risking the compromise of both internal systems and customer data.
How Secrets Management Can Help
Proper secrets management could have significantly reduced the severity or even prevented the Coinbase breach entirely. Effective management prevents credentials from being exposed in the first place, and if compromised, ensures they are quickly invalidated through automated rotation and temporary Just-in-Time credentials. Distributed encryption can protect secrets further, significantly limiting attackers’ ability to exploit them. Here’s how you can take the proper steps to proactively protect your organization from cloud and CI/CD breaches.
Step 1: Centralize Your Secrets Management
Centralize the management of all your secrets, eliminating risks associated with secret sprawl and embedded credentials. With proper secrets management, secrets are automatically injected at runtime, ensuring they are never exposed in code, scripts, or configuration files. This centralization significantly reduces exposure from improperly stored credentials, preventing breaches similar to what happened to Coinbase.
Step 2: Automate Secrets Rotation
Automatically rotate credentials, API keys, and tokens regularly. Timely rotation limits attackers’ ability to exploit credentials, greatly reducing the impact of breaches by quickly invalidating exposed secrets.
Step 3: Use Just-in-Time (JIT) Credentials
Deploy temporary Just-in-Time credentials to drastically reduce exposure. JIT credentials expire shortly after they are created, significantly reducing the impact of leaked credentials and easing mitigation efforts.
Step 4: Implement Secure Encryption
Leverage secure encryption like Akeyless’s Distributed Fragments Cryptography (DFC), which distributes encryption across multiple cloud providers and your own environment. These encryption key “fragments” are continuously refreshed and never combined so that even if a breach exposes encrypted secrets, they cannot be decrypted, making them useless to the hacker.
Step 5: Manage Machine Identities Holistically
Automate your certificate lifecycle management with a solution that is streamlined with your secrets management. Proper issuance, renewal, and management prevent unauthorized access and minimize risks posed by compromised machine identities.
Step 6: Continuously Monitor and Audit
Implement continuous monitoring and detailed audit logs. Rapid detection of suspicious activities enables swift responses, significantly reducing the potential impact of security incidents.
Conclusion
The Coinbase incident underscore the critical need for proactive secrets management. By following these actionable steps with Akeyless, organizations can significantly reduce the risk and severity of breaches, protecting their most sensitive assets and maintaining customer trust.
Want to learn how Akeyless can help you secure your secrets and identities? Click here for a demo and consultation.
