In brief: Leaked GitHub tokens at Novo Nordisk demonstrate that secrets management must be addressed as an identity problem, not merely as a tooling challenge.
GitHub tokens were leaked at Novo Nordisk, illustrating how organizations often mismanage secrets. The incident underscores a widespread problem: secrets management is treated as a tooling question, not as an identity problem.
The GitHub token leak at Novo Nordisk illustrates a fundamental miscalibration in the security strategy of many organizations. Many companies rely primarily on technical tooling solutions for secrets management without addressing the underlying architecture of identity and access management.
For CISOs, this represents a critical risk in the software development pipeline: GitHub tokens, API keys, and similar credentials are frequently treated as artifacts that can be technically “contained.” Yet without rigorous identity and access governance, these secrets remain exposed—through hardcoding in repositories, misconfigured logging, or overpermissive tokens with excessively broad access rights.
The Novo Nordisk case underscores that secrets management requires a holistic approach: one that governs token lifecycles, enforces least-privilege principles, and treats secrets as identity artifacts rather than as a technical configuration problem. Without this conceptual shift, the development pipeline remains an attractive target for threat actors who can gain deep system privileges through leaked credentials.
Source: www.darkreading.com · Published 18 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.1.