
Mongo DB + CredHub = secure by default data services on PCF


SpringOne Platform 2018
Diana Esteves, MongoDB
Peter Blum, Pivotal

Published in: Software

  1. MongoDB + Credhub = Secure By Default. Peter Blum, Pivotal, @_pblum. Diana Esteves, MongoDB, @null_string.
  2. Unless otherwise indicated, these slides are © 2013-2017 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Agenda: @buildPOC, @pushProd, @behindTheScenes, @summary
  3. @buildPOC: Database, Event Store. PUT {event}, GET {event} ...
  4. @getMongo: Atlas, MongoDB as a Service. Cloud Agnostic: GCP, AWS, Azure. Secure By Default: IP Whitelisting, LDAP, Encrypted Backups. Value: Self Service Database Access, Best Practices From Day 0, Drives Focus To Development. https://www.mongodb.com/cloud/atlas
  5. > AtlasTime
  6. @springboot: Where do we start? https://start.spring.io
  7. > SpringTime
  8. @pushToProd: Where is my @MakeItSecure!!? Where are they stored? How did you get them? How long are they valid for? How do we rotate them? Hold on there… tell me about those credentials!
  9. MongoDB Atlas Service Broker #toTheRescue. Where are they stored? Encrypted Store - Credhub! Not in the env. Not accessible via ssh. How did you get them? System generated 32 char password. Never exposed to any humans or emails. How long are they valid for? As long as the security admins deem necessary. How do we rotate them? 2 Simple commands, unbind & bind. https://github.com/desteves/mongodb-atlas-service-broker
  10. MongoDB Atlas Service Broker #toTheRescue: Database, Event Store
  11. > ProdTime
  12. #SecretSauce. Generate Any Credential: Passwords, Certificates, RSA/SSH keys, JSONs. Native Integrations: BOSH, Cloud Controllers, Cloud Foundry, Kubernetes... Secured API: mTLS, oAuth2.
  13. Installing The Service Broker: https://github.com/desteves/mongodb-atlas-service-broker-tile
  14. Installing The Service Broker: https://github.com/desteves/mongodb-atlas-service-broker-tile Username to login to Atlas. API Key used to login to Atlas. ProjectID in which MDB clusters will be deployed.
  15. MongoDB Atlas SB MongoDB Atlas SB PCF PCF PCF PCF Credentials in ENV Opportunity for Credential Leaks Code Change Required false true true false Where do you want to be? Security without developer overhead!
  16. Questions & Answers #springone@s1p
  17. Learn More. Stay Connected. • Using CredHub for Kubernetes Deployments • CredHub and Secure Credential Management • Next Generation MongoDB: Sessions, Streams, Transactions #springone@s1p
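
Slides 9 and 15 contrast credentials exposed in the application environment with credentials held in CredHub. The check below is an added example, not taken from the slides or from the service broker's code: it classifies each binding in a `VCAP_SERVICES` document (for example as printed by `cf env`) as a CredHub reference or as inline secrets. It assumes the binding uses Cloud Foundry's `credhub-ref` credentials key; the sample JSON, binding names and the `SECRET_KEYS` list are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Hypothetical list of credential keys treated as secrets (an assumption).
SECRET_KEYS = {"password", "passwd", "secret", "api_key", "apikey", "token"}


def uri_has_password(value):
    """True if value parses as a URI with an embedded password (user:pass@host)."""
    if not isinstance(value, str) or "://" not in value:
        return False
    try:
        return bool(urlsplit(value).password)
    except ValueError:
        return False


def classify_binding(credentials):
    """Return 'inline-secret', 'credhub-ref' or 'no-secret' for one binding."""
    # Inline secrets win, so a binding mixing a reference and a password is flagged.
    for key, value in credentials.items():
        if key.lower() in SECRET_KEYS or uri_has_password(value):
            return "inline-secret"
    return "credhub-ref" if "credhub-ref" in credentials else "no-secret"


def audit_vcap_services(raw):
    """Map each binding name in a VCAP_SERVICES JSON string to its class."""
    report = {}
    for bindings in json.loads(raw).values():
        for binding in bindings:
            creds = binding.get("credentials") or {}
            report[binding["name"]] = classify_binding(creds)
    return report


# Constructed sample: one binding with inline secrets, one CredHub reference.
SAMPLE = json.dumps({
    "mongodb-atlas": [
        {"name": "events-db-env", "credentials": {
            "uri": "mongodb://app:EXAMPLE-ONLY@db.example.invalid:27017/events"}},
        {"name": "events-db-credhub", "credentials": {
            "credhub-ref": "/c/example-broker/example-instance/example-binding/credentials"}},
    ],
    "user-provided": [{"name": "log-drain", "credentials": {}}],
})

if __name__ == "__main__":
    for name, verdict in audit_vcap_services(SAMPLE).items():
        print(f"{name}: {verdict}")
```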
