Based on the OWASP ASVS assessment of the project, the security team identified that they were not meeting one of the authentication security requirements.
The security team further investigated the existing practices of secrets management. The CTO, Richard, clarified that the issue was becoming a headache for both the development and operation team. In the development and testing environment, developers may keep the password or keys in a separate configuration file. However, to filter these files and to separate them in a different version controls ...