Ask HN: Has anyone adopted or seen adoption of RFC8959 secret-token?
Has anyone seen adoption of the 'secret-token:' prefix to help prevent leakage of API secrets as described by RFC8959? Do API users understand its purpose and respond positively or negatively to it?
See also https://www.rfc-editor.org/rfc/rfc8959.txt and https://news.ycombinator.com/item?id=25978185
2 comments
[ 3.2 ms ] story [ 14.9 ms ] threadTrivy has a pretty good collection of examples that is used for its secret scanning functionality, https://github.com/aquasecurity/trivy/blob/main/pkg/fanal/se....