Jake Hulberg

100 posts

@JakeHulberg

Developer Advocate @Infisical. Talking all things secrets, PAM, & certificate management. 🎥 YouTuber at Jake's Tech on breaking into tech & dev tools

Houston, TX · Joined January 2026
42 Following · 18 Followers
Jake Hulberg retweeted
Tony Dang@dangtony98·
First external contribution to Agent Vault (AV) has been merged! @opencode is now a supported agent in AV. You can now run:
agent-vault run -- opencode
This will have the agent proxy requests through AV from which you can broker credentials. Stay tuned for better security guarantees around the agent's operating environment soon.
Jake Hulberg retweeted
Larsen Cundric@larsencc·
Great chat with @dangtony98 today at the Infisical office. They are taking the Control Plane design one step further... Exciting stuff! You guys should keep an eye out for them 👀
Manu Arora@mannupaaji·
How do you rotate around 200 env vars across 20 projects ensuring everything works as expected? Asking for a friend
Jake Hulberg@JakeHulberg·
@aibra What model are you running on this? I've got something very similar (2x Mac mini 16G + M1pro 32G) and am curious what I can do
Jake Hulberg@JakeHulberg·
Must read for anyone developing software or administering systems nowadays.
Tony Dang@dangtony98

HOW TO MITIGATE A CREDENTIAL BREACH 👇
With all the security breaches right now, I thought I'd share two cents on how the best engineering teams secure their secrets and credentials across local development, CI/CD, and production systems (this should be layered with other defense in depth mechanisms).
1/ Store secrets in a vault: Centralize all secrets with a secrets management tool like @infisical. Instead of chasing down secrets across 50+ apps and environments with blind spots, lock everything down in a secure vault, encrypted, with tight access.
2/ Eliminate secret zero: Have your applications authenticate with the vault using an infrastructure-native auth method like AWS/GCP/Azure/OIDC/Kubernetes Auth. Upon authentication, the vault should issue a short-lived access token that the application can use to fetch back secrets. This uses workload identity so, for example, if you're running a GitHub Actions CI workflow, you can use OIDC to have the CI pipeline authenticate with Infisical and fetch back secrets.
3/ Eliminate static secrets: Most teams have heard of automatic secrets rotation but not dynamic secrets. Secrets rotation is where you update the value of a secret on a per interval basis; this can be your OPENROUTER_API_KEY. Dynamic secrets is where you mint ephemeral secrets on the fly such as a PostgreSQL credential. Leaked a secret? At least it's only valid for a finite period.
4/ Log every action: With the right tooling in place, you should be able to trace which applications and people have access to which secrets and all the times that they are accessed. If something goes wrong - you have a trail to look back on.
Have a question? AMA
I and the team will try to answer as many questions as we can to do with secure secrets management over the next few days.

Jake Hulberg@JakeHulberg·
@MSR_Builds @dangtony98 Let us know if there's any way we can make the migration smoother for you! You can make an account at app.infisical.com and drag your .env right into the dashboard :) I promise, deleting it locally will feel so good 🤣
Mian Shahzad Raza@MSR_Builds·
@dangtony98 the .env panic finally pushed me to actually look at this. been 'i'll migrate someday' for years 😭
Jake Hulberg@JakeHulberg·
100% right. Ignoring the problem of unencrypted important secrets on disk and modifying hooks to your current AI agent (that changes every 2 weeks) is not the answer. Scrap the .env altogether and get a secrets manager.
Tony Dang@dangtony98·
I hate to break it to y’all but if Claude Code REALLY wanted to read your environment variables, it could just modify your application to print them out and read the logs.
You’re anyways better off without a .env anyways with:
infisical run -- npm run dev
This way there won’t be any .env to scour in the first place. ✌🏻
CyrilXBT@cyrilXBT

CLAUDE CODE CAN READ YOUR .ENV FILES BY DEFAULT. Your API keys. Your database passwords. Your secret tokens. All of it visible to the agent unless you tell it otherwise. One setting. Two minutes. Fixes it completely. Add this to your CLAUDE.md right now: Secure your stack before you ship it.

Jake Hulberg@JakeHulberg·
THE .ENV IS DEAD! Claude hooks ignore the fact that we are still leaving unencrypted variables lying around on disk. It’s not agent agnostic + agents are cheeky at getting around these things. Store secrets in a secrets manager and inject them at runtime. See this vid: youtu.be/zYCeELjcgQ4?si…
CyrilXBT@cyrilXBT·
CLAUDE CODE CAN READ YOUR .ENV FILES BY DEFAULT. Your API keys. Your database passwords. Your secret tokens. All of it visible to the agent unless you tell it otherwise. One setting. Two minutes. Fixes it completely. Add this to your CLAUDE.md right now: Secure your stack before you ship it.
Jake Hulberg@JakeHulberg·
@wickedguro Store variables in an external secrets manager like @infisical, set up automated secrets rotation and dynamic secrets where endpoints accept it and your life becomes a lot easier :) (+ safer)
Nevo David@wickedguro·
"rotate all your secrets in vercel dashboard" Sure brother, 1000 services, easy
Jake Hulberg retweeted
Maidul@maidulll·
all secrets in Vercel not marked as sensitive need to be rotated immediately. if you're looking to quickly mark all secrets as sensitive going forward + set up auto rotations, try the @infisical Vercel integration to do it in one click
Vercel@vercel

We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…

Jake Hulberg retweeted
Tony Dang@dangtony98·
Finally, after this Vercel, LiteLLM, Trivy and more, most developers are waking up to the realization that they are ill-equipped with the tools needed to combat cyberattacks. With the AI frontier pulling away at warp speed, it's more important than ever for developers to not treat security as an afterthought and invest in sound security infrastructure tooling across every category vertical - supply chain security, secrets, certificates, privileged access management and more. We built @infisical to provide the arsenal of security infrastructure tooling needed to combat modern security risks in the AI era and have a ton of updates ahead - open source, butter smooth to set up; one service to rule them all. First step - Secrets Management.
Jake Hulberg@JakeHulberg·
Devs, if you haven’t prioritized proper secrets management in the past, if you still have .env files sitting around with unencrypted api keys, db credentials, tokens, now is a better time than ever to look into a secrets manager like @infisical
We’ve seen various serious incidents with credential exfiltration over the last couple of weeks and they are only going to get more common.
GREG ISENBERG@gregisenberg·
This is why cybersecurity is the best startup category to build in right now
Every major platform is getting breached in 2026. vercel, snowflake, the list keeps growing.
AI made it 100x easier to build. it also made it 100x easier to attack.
If you're building a cybersecurity startup right now, your timing is perfect
The attack surface is expanding every single day and the buyers have never been more plentiful
Be safe out there
Vercel@vercel

We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…

Jake Hulberg@JakeHulberg·
Hey Gary! Skill files for Infisical including secret syncs are available with the following command:
npx skills add Infisical/ai-skills
Works across 45+ AI tools. We also expose our full docs as an MCP server if you prefer that route (this is our preferred method but either should work here):
infisical.com/docs/mcp
github.com/Infisical/ai-s…
Vlad Matsiiako@matsiiako·
If you’re a Vercel user acting on today’s security incident, here are some best next steps:
> Rotate all secrets in your Vercel dashboard immediately
> Bulk-migrate env vars to sensitive variables (@infisical has a Vercel sync you can use to quickly mark all secrets as sensitive)
> Set up automations to rotate DB creds and API keys on a schedule
> Use dynamic secrets, so DB credentials are short-lived
> Pull secrets at runtime through our SDKs instead of storing them in Vercel
> Make sure you have audit logs to see what was accessed
Vercel@vercel

We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…

Jake Hulberg@JakeHulberg·
Here’s a video on how to sync secrets from @infisical to Vercel! Good secrets management is now more important than ever. youtu.be/pFKbhBTiutk?si…
Vlad Matsiiako@matsiiako

If you’re a Vercel user acting on today’s security incident, here are some best next steps:
> Rotate all secrets in your Vercel dashboard immediately
> Bulk-migrate env vars to sensitive variables (@infisical has a Vercel sync you can use to quickly mark all secrets as sensitive)
> Set up automations to rotate DB creds and API keys on a schedule
> Use dynamic secrets, so DB credentials are short-lived
> Pull secrets at runtime through our SDKs instead of storing them in Vercel
> Make sure you have audit logs to see what was accessed
