Long-form writing on security, Kubernetes, platform engineering, and the operational realities of keeping production systems alive.
Yesterday's PyPI compromise of LiteLLM harvested every credential it could find on disk. Here's how ephemeral filesystem secrets via the Kubernetes Secrets Store CSI Driver reduce the blast radius of exactly this class of attack.