I write about TypeScript, Node.js, React, security and privacy.
GitHub Actions are a great way to build powerful customised CI/CD workflows using the power of community-driven resources, but they can be tricky to get right in terms of security.
We forget passwords. Usually it's OK, because most websites implement a password reset feature. But how to do this in end-to-end encrypted applications that don't have access to the password in the first place ?
End-to-end encrypted applications use cryptographic keys that don't leave the client, so how do we store them securely in the browser ?