Managing Secrets - Vlad Matsiiako - ASW #327 - podcast episode cover

Managing Secrets - Vlad Matsiiako - ASW #327

Application Security Weekly (Audio)
Apr 22, 20251 hr 3 min
--:--
--:--
Listen in podcast apps:
Metacast
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Secrets end up everywhere, from dev systems to CI/CD pipelines to services, certificates, and cloud environments. Vlad Matsiiako shares some of the tactics that make managing secrets more secure as we discuss the distinctions between secure architectures, good policies, and developer friendly tools. We've thankfully moved on from forced 90-day user password rotations, but that doesn't mean there isn't a place for rotating secrets. It means that the tooling and processes for ephemeral secrets should be based on secure, efficient mechanisms rather than putting all the burden on users. And it also means that managing secrets shouldn't become an unmanaged risk with new attack surfaces or new points of failure.

Segment Resources:

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-327

For the best experience, listen in Metacast app for iOS or Android
Open in Metacast
Managing Secrets - Vlad Matsiiako - ASW #327 | Application Security Weekly (Audio) podcast - Listen or read transcript on Metacast