Psst... Secrets Handling for Cloud-Native Apps - Part 1

Support Mobycast
-> https://glow.fm/mobycast <-

In this episode, we cover the following topics:

• What is secrets management and why we need it for our cloud-native applications.
• Guidelines for best practices when handling secrets.
• We walkthrough a simple, roll-your-own approach to secrets management using encryption (KMS) and an object store (S3).
  • Although this is a simple technique, it does provide a very secure (and auditable) approach to secrets handling.
• But, for most situtations, you'll want to leverage an off-the-shelf secrets management solution. We discuss 3 popular choices, including Hashicorp Vault, AWS Systems Manager Parameter Store and Amazon Secrets Manager.
• What are the features you should expect from a secrets management solution.
• We take a closer look at Vault, Parameter Store and Secrets Manager, and discuss the features that each provides.
• We finish with some guidance on how to make the right choice of secrets management solution for your applications.

Links

• Secrets Management for Cloud-Native Applications
• Vault - Unlocking the Cloud Operating Model: Security
• AWS Systems Manager Parameter Store
• How AWS Systems Manager Parameter Store Uses AWS KMS
• Introducing AWS Secrets Manager
• AWS Secrets Manager
• How AWS Secrets Manager Uses AWS KMS
• Rotating Your AWS Secrets Manager Secrets
• Tutorial: Specifying Sensitive Data Using Secrets Manager Secrets
• AWS Secrets Manager now supports VPC endpoint policies
• How to Manage Secrets for Amazon EC2 Container Service–Based Applications by Using Amazon S3 and Docker
  
  

End Song
Warming Trend by Aphreaq

More Info

For a full transcription of this episode, please visit the episode webpage.

We'd love to hear from you! You can reach us at:

• Web: https://mobycast.fm
• Voicemail: 844-818-0993
• Email: ask@mobycast.fm
• Twitter: https://twitter.com/hashtag/mobycast
• Reddit: https://reddit.com/r/mobycast