Did some "security" "professional" tell you not to store secrets in plaintext?
Or maybe they said you have to use HTTPS. Or perhaps you were told not to paste API keys into Slack.
Well, they're wrong. Dead wrong.
GG no re xD
Odds are, your company has already been hacked, is being hacked right now, or is going to be hacked in the next ten minutes.
Why put any effort into public key infrastructure, encryption, or hashing when it's pointless anyway? Information wants to be free. Every secret you've ever tried to safeguard will eventually be sold on a shady forum for 5 USD in Robux. Yeah, that's right, some guy with the moniker xXxT0rM4st3r9001xXx is going to leak your customers' passwords for in-game currency. And there's nothing you can do about it. So give up the security theater and embrace the futility.
But it's not all bad news. There are solid benefits to giving up the farce of computer "security".
- Speed up your logins by not having to hash those pesky passwords
- Save beaucoup money by not buying enterprise secrets management software or HashiCorp Vault or, worse, CyberArk PVWA. Those savings can be your bonus instead
- The company website will never go down because of an expired TLS certificate (that means you can fire the DevOps guy)