A widely used GitHub Action, tj-actions/changed-files, was compromised sometime before March 14, 2025 with a malicious payload, leading to the exposure of secrets in public repository logs. The incident has been assigned CVE-2025-30066 and is a stark reminder of the growing risks in the software supply chain.

Kubernetes has become a worldwide standard for running container workloads. Nevertheless, working with Kubernetes has its challenges such as dealing with sensitive information that your workload needs to perform proper operations on it and consuming the secret such as passwords, API keys and tokens etc. There are a lot of different solutions that exist in the marketplace to solve this specific problem such as HashiCorp Vault, AWS Secret Manager, Mozilla Secrets Operations etc.