In 2025, a former operational environment maintainer for RubyGems.org was able to regain access to production systems because were still stored in the organisation’s enterprise password vault. The credentials had never been rotated after the employee left. The result: a former employee retained administrative access for an unknown period, a clear violation of the principle of least privilege and a direct consequence of shared, long‑lived credentials.
stared at the word. For the first time in his thirty years, he held a key that no one else owned. He felt a sudden, violent surge of vertigo. In Aethelgard, a secret was a weight; it was a crack in the glass. kshared password
: