Glad to be talking with you too! :) I didn't mean to imply you said something you didn't, only that I would consider access keys to various services be of much more importance the code base itself. I read you comment as "Doesn't matter about the access keys, if they have your source code, you're screwed no matter what", which in that case would seem a bit strong.
Also "pushes to prod from compromised accounts, CI systems" seems more related to access keys and account security rather than the actual code base.
But hey, in the end I'm no security expert so what do I know.
Also "pushes to prod from compromised accounts, CI systems" seems more related to access keys and account security rather than the actual code base.
But hey, in the end I'm no security expert so what do I know.