Secrets Management in Defense CI/CD
How defense CI/CD pipelines handle secrets without embedding credentials in code — covering HashiCorp Vault, SOPS, Platform One's approach, and how to wire rotation events into your cATO evidence stream....
Technical Journal
Field-informed writing on cybersecurity, DevSecOps, architecture, automation, and the engineering practices that make complex systems more trustworthy.
Start Here
How defense CI/CD pipelines handle secrets without embedding credentials in code — covering HashiCorp Vault, SOPS, Platform One's approach, and how to wire rotation events into your cATO evidence stream....
A curated index of the policy documents, NIST publications, Platform One services, pipeline tools, and compliance resources that defense software teams actually use.
A technical breakdown of Continuous ATO — what it actually requires, how OSCAL enables machine-readable evidence, and where most DoD programs fail to sustain it....
How AI models actually get authorized in the DoD — the Assess Only construct, the coming NIST 800-53 AI overlays, and the re-authorization trigger problem...
How Army RMF 2.0 (Project Sentinel) restructured control selection, inheritance, and monitoring — and how it maps onto the DoD's new five-phase Cybersecurity Risk Management...