Customer Story

Customer Interview: Insights from ENlighten

We interviewed Jinseok Yeo from ENlighten, Korea’s top energy IT platform, on how they secure credentials and secrets. Here’s their approach to security.

We had the pleasure of interviewing Jinseok Yeo from ENligthen, Korea’s leading energy IT platform. In this conversation, we explored how ENligthen has implemented commitments and kept credentials and secrets secure. Let’s dive into their journey and discover their innovative approach!

Wall sign for Enlighten featuring logo and tagline "More Energy, More Powerful" in white 3D letters.

Who is Enlighten?

We are a company that creates value beyond connection by gathering more energy, more powerful energy. By connecting scattered renewable energies with IT technology, we are implementing a platform trading platform where supply and consumption can be freely exchanged. Currently, we provide online business feasibility review services and reliable asset management services to power generators using the platform, RE100 consulting and power trading services to companies that need renewable energy electricity, and have signed power purchase agreements (third-party PPAs) with NAVER New Building and Lotte Global Logistics. ENLighten's power generation king service is the largest single service in Korea, with more than 22,000 locations nationwide and more than 5.4 GW of power plants connected, and a market share of 25%.

Transforming distributed energizer resources into IT technology and a platform for free trading between suppliers and consumers

Enlighten operates services such as solar integration business, energy IT platform, and VP platform for energy trading. It is the No. 1 energy platform company in Korea that is innovating the energy market with its outstanding technology and expertise. With KRW 44.5 billion in cumulative investment, 5,344MW in total service volume, and the most used platform by power producers, we have a team with years of experience from diverse backgrounds including Seoul National University, UC Berkeley, EY, Mirae Asset, Samsung Electronics, and Tada.

Corner view of a modern building with solar panels installed on its roof against a blue sky.


What problems were you facing before implementing Cremit?

📌 Secret targeting by attackers

Attackers are constantly scouring public code repositories like GitHub for accidentally exposed secrets, such as credentials and API keys. Even minor mistakes, such as sharing secrets in internal messaging or collaboration tools, can create vulnerabilities that attackers may exploit.

📌 Threats don't have the solutions they deserve

Like many companies, we struggled with detecting and managing secrets and credentials across repositories, collaboration tools, and messaging platforms due to a lack of specialized solutions. That’s why we quickly chose Cremit. Its low cost, real-time detection and notifications, intuitive dashboard for at-a-glance status updates, and seamless integration made it an obvious choice.

What's your favorite feature of Cremit?

📌 Quick security improvements based on active Secret information

One of the fundamental features of Cremit for us are both the Secret and Sensitive Tables, which gives us an overview of where our credentials are exposed. In addition to showing us where a secret key is exposed, Cremit also tells us if the secret is active, so we can prioritize our actions. I open a ticket to the development team or other members who need to know which secret and credential values are active and take action based on where they are exposed.

Cremit UI: Secret detection list displaying page 1 of 15, with status, source, and type columns.

I especially like the fact that since the introduction of Cremit and its NHI Traceability, we can find sensitive secrets in source codes that were developed in the past but were not being maintained, clean them up, find the origin, and find improvement points. Also, the intuitive dashboard allows me to see what's going on, which is very helpful in improving the security of Enlighten.

What are your future plans for using Cremit?

We are committed to actively leveraging Cremit to support our developers, secure the services our members deliver to their customers, and identify outdated credentials no longer in use. Additionally, we will continue enhancing internal training, refining credential management guidelines, and reducing costs by cleaning up unused services. We believe that collaborating closely with Cremit will create valuable synergies throughout this process.


We're excited to have Cremit as a trusted partner to help secure the energy IT platform leader's journey.


Curious why Enlighten trusts Cremit to safeguard their credentials? Join them and take the first step toward securing yours!

Contact Us!

Unlock AI-Driven Insights to Master Non-Human Identity Risk.

Go beyond basic data; unlock the actionable AI-driven insights needed to proactively master and mitigate non-human identity risk

A dark-themed cybersecurity dashboard from Cremit showing non-human identity (NHI) data analysis. Key metrics include “Detected Secrets” (27 new) and “Found Sensitive Data” (58 new) from Jan 16–24, 2024. Two donut charts break down source types of detected secrets and sensitive data by platform: GitHub (15k), GetResponse (1,352), and Atera (352), totaling 16.9k. The dashboard includes a line graph showing trends in sensitive data over time, and bar charts showing the top 10 reasons for sensitive data detection—most prominently email addresses and various key types (API, RSA, PGP, SSH).

Blog

Explore more news & updates

Stay informed on the latest cyber threats and security trends shaping our industry.

OWASP NHI5:2025 Insecure Authorization Deep Dive
Explore OWASP NHI5: Insecure Authorization. See how Non-Human Identities gain excess privileges, causing breaches. Learn countermeasures like Zero Trust & least privilege.
OWASP NHI4:2025 Insecure Authentication Deep Dive Introduction: The Era of Non-Human Identities Beyond Humans
Deep dive into OWASP NHI4: Insecure Authentication. Understand the risks of NHIs, key vulnerabilities, and how Zero Trust helps protect your systems.
Secret Sprawl and Non-Human Identities: The Growing Security Challenge
Discover NHI sprawl vulnerabilities and how Cremit's detection tools safeguard your organization from credential exposure. Learn to manage NHI risks.
Navigating the Expanding AI Universe: Deepening Our Understanding of MCP, A2A, and the Imperative of Non-Human Identity Security
Delve into AI protocols MCP & A2A, their potential security risks for AI agents, and the increasing importance of securing Non-Human Identities (NHIs).
Stop Secrets Sprawl: Shifting Left for Effective Secret Detection
Leaked secrets threaten fast-paced development. Learn how Shift Left security integrates early secret detection in DevOps to prevent breaches & cut costs.
Hidden Dangers: Why Detecting Secrets in S3 Buckets is Critical
Learn critical strategies for detecting secrets in S3 buckets. Understand the risks of exposed NHI credentials & why proactive scanning is essential.
NHI2 2025: Secret Leakage – Understanding and Mitigating the Risks
NHI2 Secret Leakage: Exposed API keys and credentials threaten your business. Learn how to prevent unauthorized access, data breaches, and system disruption.
Stop the Sprawl: Introducing Cremit’s AWS S3 Non-Human Identity Detection
Cremit Launches AWS S3 Non-Human Identity (NHI) Detection to Boost Cloud Security
Human vs. Non-Human Identity: The Key Differentiators
Explore the critical differences between human and non-human digital identities, revealing hidden security risks and the importance of secret detection.
Wake-Up Call: tj-actions/changed-files Compromised NHIs
Learn from the tj-actions/changed-files compromise: CI/CD non-human identity (NHI) security risks, secret theft, and proactive hardening.
NHI 3 2025: 3rd Party Supply Chain Dangers
Discover the security risks of vulnerable third-party non-human identities (NHI3:2025) and learn effective strategies to protect your organization from this OWASP Top 10 threat.
Build vs. Buy: Making the Right Choice for Secrets Detection
Build vs. buy secrets detection: our expert guide compares costs, features, and ROI for in-house and commercial security platforms.
Bybit Hack Analysis: Strengthening Crypto Exchange Security
Bybit hacked! $1.4B crypto currency stolen! Exploited Safe{Wallet}, API key leak, AWS S3 breach? Exchange security is at stake! Check your security now!
Rising Data Breach Costs: Secret Detection's Role
Learn about the growing financial impact of data breaches and how secret detection and cybersecurity strategies can safeguard your data and business.
NHI1 2025: Improper Offboarding- A Comprehensive Overview
Discover how improper offboarding exposes credentials, leading to vulnerabilities like NHI sprawl, attack surface expansion, and compliance risks.
Behind the Code: Best Practices for Identifying Hidden Secrets
Improve code security with expert secret detection methods. Learn strategies to safeguard API keys, tokens, and certificates within your expanding cloud infrastructure.
Understanding the OWASP Non-Human Identities (NHI) Top 10 Threats
Understanding NHI OWASP Top 10: risks to non-human identities like APIs and keys. Covers weak authentication, insecure storage, and more.
Securing Your Software Pipeline: The Role of Secret Detection
Prevent secret leaks in your software pipeline. Discover how secret detection improves security, safeguards CI/CD, and prevents credential exposure.
What Is Secret Detection? A Beginner’s Guide
Cloud security demands secret detection. Learn its meaning and why it's essential for protecting sensitive data in today's cloud-driven organizations.
Full Version of Nebula – UI, New Features, and More!
Explore the features in Nebula’s full version, including a refined UI/UX, fine-grained access control, audit logs, and scalable plans for teams of all sizes.
Unveiling Nebula: An Open-Source MA-ABE Secrets Vault
Nebula is an open-source MA-ABE secrets vault offering granular access control, enhanced security, and secret management for developers and teams.
Vigilant Ally: Helping Developers Secure GitHub Secrets
The Vigilant Ally Initiative supports developers secure API keys, tokens, and credentials on GitHub, promoting secure coding and secrets management.
Cremit Joins AWS SaaS Spotlight Program
Cremit joins the AWS SaaS Spotlight Program to gain insights through mentorship and collaboration, driving innovation in AI-powered security solutions.
DevSecOps: Why start with Cremit
DevSecOps is security into development, improving safety with early vulnerability detection, remediation, and compliance, starting with credential checks.
Credential Leakage Risks Hiding in Frontend Code
Learn why credentials like API keys and tokens are critical for access control and the risks of exposure to secure your applications and systems effectively.
Introducing Probe! Cremit's New Detection Engine
Probe detects exposed credentials and sensitive data across cloud tools, automating validation and alerts, with AI-powered scanning for enhanced security.
Customer Interview: Insights from ENlighten
We interviewed Jinseok Yeo from ENlighten, Korea’s top energy IT platform, on how they secure credentials and secrets. Here’s their approach to security.
6 Essential Practices for Protecting Non-Human Identities
Safeguard your infrastructure: Learn 6 best practices to protect API keys, passwords & encryption keys with secure storage, access controls & rotation.
Microsoft Secrets Leak: A Cybersecurity Wake-Up Call
See how an employee error at Microsoft led to the exposure of sensitive secrets and 38 terabytes of data.