CredHub and Secure Credential Management
Scott Frederick (@scottyfred)
Peter Blum (@_pblum)
Agenda
- CredHub
  - Why?
  - What?
- Use cases
  - BOSH credentials
  - Application service binding credentials
Why?
CredHub
Configuring Credentials
- Verizon: Phone numbers, names and pin codes of six million customers were left unsecured online for nine days.
- Accenture: Inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys.
- Equifax: Website Secured By The Worst Username And Password Possible - `admin`, `admin`
- Viacom: Owners of Paramount Pictures, Comedy Central, MTV, and hundreds of other properties—has exposed the keys to its kingdom on an unsecured Amazon S3 server.
Leaked Credentials
- Uber: Breach occurred when hackers discovered that the company's developers had published code that included their usernames and passwords on a private account of the software repository Github.
- OneLogin breached: Hacker finds cleartext credential notepads
- Deloitte is a sitting duck: VPN and proxy 'login details leaked'
Using Credentials
- Equifax: Hackers roamed its systems undetected from mid-May through late July 2017, accessing files on nearly half the U.S. population.
- 14 Years to Discover Data Breach: Tewksbury Hospital in Massachusetts, where a clerk inappropriately accessed the records of more than 1,000 patients between 2003 and 2017
- Compromised Data goes undetected for days: According to the latest Protenus Breach Barometer, it took an average of 441 days for organizations to find out a breach occurred.
Goals
Central point for Credential:
- Generation
- Storage
- Rotation
- Logging
- Access Control
[Figure: two panels, each plotting Credential Config and Credential Leaks against Time]
User Groups
- Operations - Infrastructure As Code
- Developers - SPRING!
[Diagram labels: CredHub CLI, BOSH, REST API]
What?
CredHub Architecture
[Diagram components: CredHub CLI, BOSH, REST API, Authentication Provider, Encryption Provider (HSM), Backing SQL Database]
Credential Types
- value: a simple string, used for configuration and other non-generated properties
- password: a simple string, used for generated secrets
- user: username and password pair
- json: a JSON object
- certificate: an object containing a root CA, certificate and private key
- rsa: an object containing an RSA public key and private key
- ssh: an object containing an SSH-formatted public key and private key
http://docs.cloudfoundry.org/credhub/credential-types.html
REST API
- Secured via Mutual TLS, and/or OAuth2 with UAA
- Get/Set/Generate/Delete Credential
- Get/Add/Delete Permission
- Interpolate VCAP_SERVICES
https://credhub-api.cfapps.io
Java mapping to CredHub REST API
● supports all credential types and operations
Spring Boot auto-configuration support
Apps deployed to CF with Java Buildpack automatically negotiate mutual TLS
1.0.0.RELEASE coming soon
Use Cases: BOSH Credentials
BOSH Deployments
[Diagram components: BOSH, CredHub, Backing SQL Database. Labels: Deploy Manifest, Generate Cred, Store Cred, Return Cred, Deploy Service, Deployed Service with]
BOSH Benefits
- Simplified Deployment Manifests
- Relax Access to BOSH Director
- Enables Sharing of Deployment Manifests
$ bosh -e pcf -d pcf manifest
Availability
- Starting with Release Version 262
- Starting in Pivotal CF 1.11
  ● Ops Manager deploys CredHub with BOSH director
Use Cases: Secure Service Binding Credentials
Service Bindings
$ cf create-service service-name plan service-instance-name
[Diagram components: Cloud Controller, Service Broker. Labels: Create Instance, Provision Resources, Details]
$ cf bind-service app-name service-instance-name
[Diagram components: Cloud Controller, Service Broker. Labels: Create Binding, Generate Credentials, Credentials]
"credentials": {
  "uri": "https://service-6yQVNrhZVP.example.com",
  "username": "VofTuQk2BH",
  "password": "fRqah7Wygi" }
Service Bindings
$ cf env app-name
"VCAP_SERVICES": {
  "service-name": [{
    "credentials": {
      "uri": "https://service-6yQVNrhZVP.example.com",
      "username": "VofTuQk2BH",
      "password": "fRqah7Wygi"
    }
  }]
}
Where Binding Credentials Live
- Cloud Controller database (encrypted)
- Cloud Controller REST API responses
  ● /v2/apps/:guid/env
  ● /v2/service_bindings/:guid
- Staged application droplets
- cf ssh
- Manual ssh
- Process Environment
- Application Memory
Service Bindings With CredHub
$ cf bind-service app-name service-instance-name
[Diagram components: Cloud Controller, Service Broker, CredHub. Labels: create binding, generate credentials, PUT /data, credentials with credhub-ref]
PUT /data:
"credentials": {
  "uri": "https://service-6yQVNrhZVP.example.com",
  "username": "VofTuQk2BH",
  "password": "fRqah7Wygi" }
credentials with credhub-ref:
"credentials": {
  "credhub-ref":
    "/c/my-broker/[instance-id]/[binding-id]/credentials" }
Service Bindings
$ cf env app-name
"VCAP_SERVICES": {
  "service-name": [{
    "credentials": {
      "credhub-ref": "/c/my-broker/[instance-id]/[binding-id]/credentials"
    }
  }]
}
Credential Interpolation
POST /interpolate (sent to CredHub):
"VCAP_SERVICES": {
  "my-service": [{
    "credentials": {
      "credhub-ref": "/c/my-broker/1111/2222/credentials"
    }
  }]
}
interpolated credentials (returned by CredHub):
"VCAP_SERVICES": {
  "service-name": [{
    "credentials": {
      "uri": "https://service-6yQVNrhZVP.example.com",
      "username": "VofTuQk2BH",
      "password": "fRqah7Wygi"
    }
  }]
}
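The interpolation step above, as an added Python sketch that is not code from the talk or from CredHub. It resolves credhub-ref entries against an in-memory stand-in for the CredHub store (constructed here from the slide's sample values) and reports which secret values a given document exposes; failing closed on an unknown reference is an assumption of this sketch.

```python
import copy

# Constructed stand-in for CredHub's store of json-type credentials, keyed by
# credential name. The values are the sample binding shown on the slides.
CREDHUB_STORE = {
    "/c/my-broker/1111/2222/credentials": {
        "uri": "https://service-6yQVNrhZVP.example.com",
        "username": "VofTuQk2BH",
        "password": "fRqah7Wygi",
    },
}

# What Cloud Controller keeps (and `cf env` shows) once the broker returns a
# reference instead of the secret itself.
VCAP_WITH_REF = {
    "my-service": [
        {"credentials": {"credhub-ref": "/c/my-broker/1111/2222/credentials"}}
    ]
}


class UnresolvedReference(Exception):
    """A credhub-ref points at a credential that is missing or not a JSON object."""


def interpolate(vcap_services, store):
    """Return a copy of vcap_services with every credhub-ref resolved.

    Bindings without a credhub-ref (brokers not yet updated) pass through
    unchanged. An unknown reference raises instead of starting the app with
    a dangling reference (assumption of this sketch).
    """
    resolved = copy.deepcopy(vcap_services)
    for service_name, bindings in resolved.items():
        for binding in bindings:
            creds = binding.get("credentials")
            if not isinstance(creds, dict) or "credhub-ref" not in creds:
                continue
            ref = creds["credhub-ref"]
            value = store.get(ref)
            if not isinstance(value, dict):
                raise UnresolvedReference(f"{service_name}: cannot resolve {ref!r}")
            binding["credentials"] = copy.deepcopy(value)
    return resolved


def leaf_strings(node):
    """Yield every string value found anywhere inside a JSON-like structure."""
    if isinstance(node, dict):
        for value in node.values():
            yield from leaf_strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from leaf_strings(value)
    elif isinstance(node, str):
        yield node


def exposed_secrets(document, store):
    """List the stored secret values that appear verbatim in document."""
    secrets = {s for cred in store.values() for s in leaf_strings(cred)}
    return sorted(secrets.intersection(leaf_strings(document)))


if __name__ == "__main__":
    # The referenced form carries no secret material ...
    print(exposed_secrets(VCAP_WITH_REF, CREDHUB_STORE))
    # ... the interpolated form, which only the app container should see, does.
    print(exposed_secrets(interpolate(VCAP_WITH_REF, CREDHUB_STORE), CREDHUB_STORE))
```

Running exposed_secrets over whatever a component persists or returns (database rows, API responses, droplets) is a quick way to confirm that only the reference, not the secret, reached it.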
Assisted Credential Resolution
[Diagram components: App, Cloud Controller, Diego, Diego Cell, CredHub. Labels: cf push, create env, POST /interpolate, VCAP_SERVICES, V##P_#####]
Application Benefits of Using CredHub
Assisted Mode:
- Cloud Controller database (encrypted)
- Cloud Controller REST API responses
  ● /v2/apps/:guid/env
  ● /v2/service_bindings/:guid
- Staged application droplets
- cf ssh
Non-Assisted Credential Resolution
Spring applications using Spring Cloud Connectors or Spring Boot ${vcap.service.} properties will have framework support to automate resolution
[Diagram components: App, Cloud Controller, Diego, Diego Cell, CredHub. Labels: cf push, create env, POST /interpolate, VCAP_SERVICES, V##P_#####]
Application Benefits of Using CredHub
Assisted Mode:
- Cloud Controller database (encrypted)
- Cloud Controller REST API responses
  ● /v2/apps/:guid/env
  ● /v2/service_bindings/:guid
- Staged application droplets
- cf ssh
Non-Assisted Mode:
- Cloud Controller database (encrypted)
- Cloud Controller REST API responses
  ● /v2/apps/:guid/env
  ● /v2/service_bindings/:guid
- Staged application droplets
- cf ssh
- Manual ssh
- Process Environment
- Application Memory
Availability
- CredHub bits are included in cf-deployment since version v0.36.0
  ● Deployment manifest customization required to enable secure service binding credentials workflow
- Starting in Pivotal CF 2.0
  ● Secure service binding credentials support can be enabled or disabled in PAS tile configuration
  ● Assisted mode only
Service brokers will be updated to support secure binding credentials on their own release schedules
Learn More. Stay Connected.
How to Build Spring Services for Cloud-Native Platforms Using the Open Service Broker API
Matthew McNeeney, Sam Gunaratne
Thursday 12:30 room 2004
#springone@s1p

 

Recently uploaded (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

CredHub and Secure Credential Management

  • 1. CredHub and Secure Credential Management. Scott Frederick (@scottyfred), Peter Blum (@_pblum)
  • 4. Configuring Credentials
      - Verizon: Phone numbers, names and pin codes of six million customers were left unsecured online for nine days.
      - Accenture: Inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys.
      - Equifax: Website Secured By The Worst Username And Password Possible - `admin`, `admin`
      - Viacom: Owners of Paramount Pictures, Comedy Central, MTV, and hundreds of other properties—has exposed the keys to its kingdom on an unsecured Amazon S3 server.
  • 5. Leaked Credentials
      - Uber: Breach occurred when hackers discovered that the company's developers had published code that included their usernames and passwords on a private account of the software repository GitHub.
      - OneLogin breached: Hacker finds cleartext credential notepads
      - Deloitte is a sitting duck: VPN and proxy login details leaked
  • 6. Using Credentials
      - Equifax: Hackers roamed its systems undetected from mid-May through late July 2017, accessing files on nearly half the U.S. population.
      - 14 Years to Discover Data Breach: Tewksbury Hospital in Massachusetts, where a clerk inappropriately accessed the records of more than 1,000 patients between 2003 and 2017
      - Compromised Data goes undetected for days: According to the latest Protenus Breach Barometer, it took an average of 441 days for organizations to find out a breach occurred.
  • 7. Goals. Central point for credential:
      - Generation
      - Storage
      - Rotation
      - Logging
      - Access Control
      [Chart: Credential Config and Credential Leaks plotted against Time]
  • 8. User Groups
      - Operations - Infrastructure As Code
      - Developers - SPRING!
      [Diagram: CredHub reached through the CLI, BOSH and the REST API]
  • 11. Credential Types (http://docs.cloudfoundry.org/credhub/credential-types.html)
      - value - a simple string, used for configuration and other non-generated properties
      - password - a simple string, used for generated secrets
      - user - username and password pair
      - json - a JSON object
      - certificate - an object containing a root CA, certificate and private key
      - rsa - an object containing an RSA public key and private key
      - ssh - an object containing an SSH-formatted public key and private key
  • 12. REST API (https://credhub-api.cfapps.io)
      - Secured via Mutual TLS, and/or OAuth2 with UAA
      - Get/Set/Generate/Delete Credential
      - Get/Add/Delete Permission
      - Interpolate VCAP_SERVICES
  • 13. Java mapping to CredHub REST API
      - supports all credential types and operations
      - Spring Boot auto-configuration support
      - Apps deployed to CF with Java Buildpack automatically negotiate mutual TLS
      - 1.0.0.RELEASE coming soon
  • 15. BOSH Deployments
      [Diagram labels: Deploy Manifest, BOSH, Generate Cred, CredHub, Store Cred, Backing SQL Database, Return Cred, Deploy Service, Deployed Service]
  • 16. BOSH Benefits
      - Simplified Deployment Manifests
      - Relax Access to BOSH Director
      - Enables Sharing of Deployment Manifests
      [Slide shows the output of `$ bosh -e pcf -d pcf manifest` twice, side by side ("vs")]
  • 17. Availability
      - Starting with Release Version 262
      - Starting in Pivotal CF 1.11: Ops Manager deploys CredHub with BOSH director
  • 19. Service Bindings
      $ cf create-service service-name plan service-instance-name
      [Diagram: Cloud Controller -> Service Broker: Create Instance; broker: Provision Resources; broker -> Cloud Controller: Details]
      $ cf bind-service app-name service-instance-name
      [Diagram: Cloud Controller -> Service Broker: Create Binding; broker: Generate Credentials; broker -> Cloud Controller: Credentials]
      "credentials": { "uri": "https://service-6yQVNrhZVP.example.com", "username": "VofTuQk2BH", "password": "fRqah7Wygi" }
  • 20. Service Bindings
      $ cf env app-name
      "VCAP_SERVICES": { "service-name": [{ "credentials": { "uri": "https://service-6yQVNrhZVP.example.com", "username": "VofTuQk2BH", "password": "fRqah7Wygi" } }] }
  • 21. Where Binding Credentials Live
      - Cloud Controller database (encrypted)
      - Cloud Controller REST API responses: /v2/apps/:guid/env, /v2/service_bindings/:guid
      - Staged application droplets
      - cf ssh
      - Manual ssh
      - Process Environment
      - Application Memory
  • 22. Service Bindings With CredHub
      $ cf bind-service app-name service-instance-name
      [Diagram: Cloud Controller -> Service Broker: create binding; broker: generate credentials; broker -> CredHub: PUT /data; broker -> Cloud Controller: credentials with credhub-ref]
      Sent to CredHub: "credentials": { "uri": "https://service-6yQVNrhZVP.example.com", "username": "VofTuQk2BH", "password": "fRqah7Wygi" }
      Returned to Cloud Controller: "credentials": { "credhub-ref": "/c/my-broker/[instance-id]/[binding-id]/credentials" }
  • 23. Service Bindings
      $ cf env app-name
      "VCAP_SERVICES": { "service-name": [{ "credentials": { "credhub-ref": "/c/my-broker/[instance-id]/[binding-id]/credentials" } }] }
  • 24. Credential Interpolation
      POST /interpolate to CredHub with: "VCAP_SERVICES": { "my-service": [{ "credentials": { "credhub-ref": "/c/my-broker/1111/2222/credentials" } }] }
      CredHub returns the interpolated credentials: "VCAP_SERVICES": { "service-name": [{ "credentials": { "uri": "https://service-6yQVNrhZVP.example.com", "username": "VofTuQk2BH", "password": "fRqah7Wygi" } }] }
  • 25. Assisted Credential Resolution
      [Diagram: cf push -> Cloud Controller -> Diego: create env with V##P_##### (VCAP_SERVICES holding references); Diego -> CredHub: POST /interpolate; Diego Cell runs the App with the resolved VCAP_SERVICES]
  • 26. Application Benefits of Using CredHub
      Assisted Mode:
      - Cloud Controller database (encrypted)
      - Cloud Controller REST API responses: /v2/apps/:guid/env, /v2/service_bindings/:guid
      - Staged application droplets
      - cf ssh
  • 27. Non-Assisted Credential Resolution
      Spring applications using Spring Cloud Connectors or Spring Boot ${vcap.service.} properties will have framework support to automate resolution
      [Diagram: cf push -> Cloud Controller -> Diego: create env with V##P_##### (VCAP_SERVICES holding references); the App on the Diego Cell calls CredHub: POST /interpolate to obtain the resolved VCAP_SERVICES]
  • 28. Application Benefits of Using CredHub
      Assisted Mode:
      - Cloud Controller database (encrypted)
      - Cloud Controller REST API responses: /v2/apps/:guid/env, /v2/service_bindings/:guid
      - Staged application droplets
      - cf ssh
      Non-Assisted Mode:
      - Cloud Controller database (encrypted)
      - Cloud Controller REST API responses: /v2/apps/:guid/env, /v2/service_bindings/:guid
      - Staged application droplets
      - cf ssh
      - Manual ssh
      - Process Environment
      - Application Memory
  • 29. Availability
      - CredHub bits are included in cf-deployment since version v0.36.0
      - Deployment manifest customization required to enable secure service binding credentials workflow
      - Starting in Pivotal CF 2.0: secure service binding credentials support can be enabled or disabled in PAS tile configuration; Assisted mode only
      - Service brokers will be updated to support secure binding credentials on their own release schedules
  • 30. Learn More. Stay Connected. How to Build Spring Services for Cloud-Native Platforms Using the Open Service Broker API, Matthew McNeeney, Sam Gunaratne, Thursday 12:30, room 2004. #springone @s1p
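
The binding flow from slides 22 to 24, as an added Python example (not code from the slides or from CredHub itself): the broker stores the secret and hands back only a `credhub-ref`, so what `cf env` shows carries no secret until interpolation. `InMemoryCredHub`, `broker_bind` and `contains_secret` are hypothetical names, the in-memory store is a constructed stand-in for the `PUT /data` and `POST /interpolate` calls, and the `plain-service` entry is constructed.

```python
import copy
import json


class InMemoryCredHub:
    """Constructed stand-in for CredHub: maps credential names to JSON values."""

    def __init__(self):
        self._store = {}

    def put_data(self, name, value):
        # Models the broker's "PUT /data" call from slide 22.
        self._store[name] = copy.deepcopy(value)

    def interpolate(self, vcap_services):
        # Models "POST /interpolate" from slide 24: each credentials block
        # holding a credhub-ref is replaced by the stored value.
        resolved = copy.deepcopy(vcap_services)
        for bindings in resolved.values():
            for binding in bindings:
                ref = binding.get("credentials", {}).get("credhub-ref")
                if ref is None:
                    continue  # ordinary binding without a reference: unchanged
                if ref not in self._store:
                    raise KeyError(f"unknown credhub-ref: {ref}")
                binding["credentials"] = copy.deepcopy(self._store[ref])
        return resolved


def broker_bind(credhub, broker, instance_id, binding_id, secret):
    """Service broker side: store the secret, return only a reference to it."""
    name = f"/c/{broker}/{instance_id}/{binding_id}/credentials"
    credhub.put_data(name, secret)
    return {"credentials": {"credhub-ref": name}}


def contains_secret(document, secret):
    """True if any value of the secret appears in the serialized document."""
    blob = json.dumps(document)
    return any(str(value) in blob for value in secret.values())


# Sample credential values as shown on the slides; IDs 1111/2222 as on slide 24.
SECRET = {"uri": "https://service-6yQVNrhZVP.example.com",
          "username": "VofTuQk2BH", "password": "fRqah7Wygi"}

credhub = InMemoryCredHub()
binding = broker_bind(credhub, "my-broker", "1111", "2222", SECRET)

# What Cloud Controller stores and `cf env` returns (plain-service is constructed).
VCAP_REF = {"my-service": [binding],
            "plain-service": [{"credentials": {"uri": "http://plain.example.com"}}]}
# What the application sees after interpolation.
VCAP_RESOLVED = credhub.interpolate(VCAP_REF)

if __name__ == "__main__":
    print(json.dumps(VCAP_REF, indent=2))
    print("secret visible before interpolation:", contains_secret(VCAP_REF, SECRET))
    print("secret visible after interpolation:", contains_secret(VCAP_RESOLVED, SECRET))
```

A reference that CredHub does not know raises `KeyError` rather than passing the unresolved reference through to the application.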