BSidesSF 2018 | Managing secrets in your cloud environment, with Evan Johnson

Applications often require access to sensitive data, known as secrets, at build or run time. As a cloud application developer, you have many options for storing these secrets, such as in code, in environment variables, or in purpose-built solutions. We’ll discuss what a secret is, how secrets are stored today and some common mistakes in secret management, identity as it relates to accessing secrets, criteria to evaluate a secret management solution, common solutions for containers in AWS, GCP, and Azure, and lastly, unsolved security risks.

Users should walk away from the talk as experts on secrets management in the cloud, knowing how to improve their secret management practices and understanding their current security and usability tradeoffs.

