You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
create Base64 encoded ciphertext and embed as content in application.properties
Embed plaintext in java file hardcoded
put key as github action secret which can be retrieved through forking and exfiltrated with double base64 encoding
make sure there are 2 secrets to be leaked: a fake build-secret and the decryption/encryption key and ensure that the expalantion shows why it is important to safeguard build secrets.