https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Fri, 12 Jun 2026 00:00:00 GMT https://www.youngju.dev/blog/devops/2026-06-12-developer-token-security-vscode-github.en https://www.youngju.dev/blog/devops/2026-06-12-developer-token-security-vscode-github.en Dissecting the June 2026 case of one-click GitHub token theft through a VSCode bug, this post traces the paths along which tokens leak in developer environments. It covers PAT permission design, token rotation, secret scanning, safe git-credential configuration, gitleaks, and how to eliminate long-lived tokens in CI with OIDC, all with practical configuration examples. Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) securitygithubtokensdevopssecretsoidc https://www.youngju.dev/blog/devops/2026-06-12-developer-token-security-vscode-github.ja https://www.youngju.dev/blog/devops/2026-06-12-developer-token-security-vscode-github.ja 2026年6月に公開された、VSCodeのバグを介した1クリックでのGitHubトークン窃取事例を解剖し、開発環境でトークンが漏れる経路を追跡します。PATの権限設計、トークンのローテーション、secret scanning、git-credentialの安全な設定、gitleaks、CIでOIDCにより長期トークンをなくす方法まで、実践的な設定例で整理します。 Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) securitygithubtokensdevopssecretsoidc https://www.youngju.dev/blog/devops/2026-06-12-developer-token-security-vscode-github https://www.youngju.dev/blog/devops/2026-06-12-developer-token-security-vscode-github 2026년 6월 공개된 VSCode 버그를 통한 1-click GitHub 토큰 탈취 사례를 해부하고, 개발 환경에서 토큰이 새는 경로를 추적합니다. PAT 권한 설계, 토큰 회전, secret scanning, git-credential 안전 설정, gitleaks, CI에서 OIDC로 장기 토큰을 없애는 방법까지 실전 설정 예제로 정리합니다. Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) securitygithubtokensdevopssecretsoidc