{
  "version": "https://jsonfeed.org/version/1.1",
  "title": "Trestle Articles",
  "home_page_url": "https://trestlescan.com/articles/",
  "feed_url": "https://trestlescan.com/feed.json",
  "description": "Guides on finding, fixing, and preventing leaked secrets: responding when a key leaks, how secret scanning works, and how Trestle can help.",
  "language": "en",
  "authors": [
    {
      "name": "Trestle",
      "url": "https://trestlescan.com/"
    }
  ],
  "items": [
    {
      "id": "https://trestlescan.com/articles/api-key-leak-prevention/",
      "url": "https://trestlescan.com/articles/api-key-leak-prevention/",
      "title": "API key leak prevention: how to keep secrets out of your code",
      "summary": "A practical, vendor-neutral guide to API key leak prevention: why credentials leak, what it costs, and the layered defenses that stop secrets from escaping your codebase.",
      "date_published": "2026-06-22T01:00:00.000Z",
      "date_modified": "2026-06-22T01:00:00.000Z",
      "tags": [
        "Guide"
      ]
    },
    {
      "id": "https://trestlescan.com/articles/secret-scanners-compared/",
      "url": "https://trestlescan.com/articles/secret-scanners-compared/",
      "title": "Four secret scanners compared on four codebases",
      "summary": "Trestle, Gitleaks, TruffleHog, and detect-secrets run with default settings over four public codebases. Every scanner catches an obvious API key. The differences show up with the secrets that don't look like secrets: hashed passwords, weak passwords, credit card numbers, and values that get sent to the browser.",
      "date_published": "2026-06-17T01:00:00.000Z",
      "date_modified": "2026-06-17T01:00:00.000Z",
      "tags": [
        "Tool comparison"
      ]
    }
  ]
}