https://blog.catalyst9.ai/tags/security/Recent content in Security on Catalyst9 EngineeringHugoen-usFri, 01 May 2026 00:00:00 -0600https://blog.catalyst9.ai/posts/part-1-scattered-secrets/Tue, 21 Apr 2026 00:00:00 -0600https://blog.catalyst9.ai/posts/part-1-scattered-secrets/A few weeks ago I went hunting for an API key. I found my secrets in 47 places. Here’s what I built to fix that.https://blog.catalyst9.ai/posts/part-2-env-files-liability/Wed, 22 Apr 2026 00:00:00 -0600https://blog.catalyst9.ai/posts/part-2-env-files-liability/Your .env never touched git. The password leaked anyway. Nine separate places, depending on which tools you used that afternoon. Here’s the better model.https://blog.catalyst9.ai/posts/part-4-ai-agents/Mon, 27 Apr 2026 00:00:00 -0600https://blog.catalyst9.ai/posts/part-4-ai-agents/When your AI coding agent runs, it should see the Anthropic key and the project context — not your production database password. Unless you explicitly said so.https://blog.catalyst9.ai/posts/part-6-forensics/Fri, 01 May 2026 00:00:00 -0600https://blog.catalyst9.ai/posts/part-6-forensics/GitHub emails you at 2am about a leaked token. Old world: rotate everything, file a ticket, investigation takes a week. New world: one command, 30 seconds, ticket closed.