Secrets are secrets. Please maintain them as secrets.
Alex Soto B - lordofthejars.com
alexsotob / lordofthejars

Who encrypts passwords in resource files?

Apache TomEE resources

    <Resource id="myds" type="DataSource">
      JdbcDriver = org.hsqldb.jdbc.JDBCDriver
      JdbcUrl = jdbc:hsqldb:mem:my-datasource
      Username = SA
      Password = SA
    </Resource>

Apache TomEE resources

    <Resource id="myds" type="DataSource">
      JdbcDriver = org.hsqldb.jdbc.JDBCDriver
      JdbcUrl = jdbc:hsqldb:mem:my-datasource
      Username = SA
      Password = xMH5uM1V9vQzVUv5LG7YLA==
      PasswordCipher = AES
    </Resource>

    <Resource id="myresource" class-name="org.superbiz.VaultGateway">
      //.....
      VaultPassword = cipher:AES:xMH5uM1V9vQzVUv5LG7YLA==
    </Resource>

Implementation

    // The AES key is read from a file on disk when the cipher is constructed.
    public AESPasswordCipher() {
        this.key = readKeyFromDisk();
        this.secretKey = new SecretKeySpec(key, "AES");
    }

    // Base64-decodes the configured value and decrypts it with that key.
    public String decrypt(char[] chars) {
        // "AES" is requested without an explicit mode or padding.
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.DECRYPT_MODE, secretKey);

        byte[] raw = Base64.getDecoder().decode(toByteArray(chars));
        byte[] stringBytes = cipher.doFinal(raw);
        String clearText = new String(stringBytes, "UTF8");
        return clearText;
    }

    // Body left empty on the slide.
    public char[] encrypt(String s) {}

Chicken-egg problem

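The chicken-egg problem in runnable form, as an added example that is not code from the slides: the value stored under PasswordCipher = AES is only as secret as the key file next to it. The class name KeyOnDiskDemo, the temporary key file and the random key are assumptions made for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration (hypothetical class name), not code from the slides.
public class KeyOnDiskDemo {

    // As on the slide, "AES" is requested without mode or padding; the stock
    // JDK provider resolves that to AES/ECB/PKCS5Padding.
    static Cipher cipher(int mode, byte[] key) throws Exception {
        Cipher c = Cipher.getInstance("AES");
        c.init(mode, new SecretKeySpec(key, "AES"));
        return c;
    }

    static String encrypt(byte[] key, String clearText) throws Exception {
        byte[] raw = cipher(Cipher.ENCRYPT_MODE, key).doFinal(clearText.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(raw);
    }

    static String decrypt(byte[] key, String base64) throws Exception {
        byte[] raw = cipher(Cipher.DECRYPT_MODE, key).doFinal(Base64.getDecoder().decode(base64));
        return new String(raw, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a random 128-bit key in a temp file stands in
        // for the key that readKeyFromDisk() loads.
        byte[] key = new byte[16];
        new SecureRandom().nextBytes(key);
        Path keyFile = Files.createTempFile("cipher", ".key");
        Files.write(keyFile, key);

        String stored = encrypt(key, "SA");
        System.out.println("Password = " + stored + "  (PasswordCipher = AES)");

        // Reading the resource file plus the key file is enough to undo it.
        byte[] keyFromDisk = Files.readAllBytes(keyFile);
        System.out.println("recovered password: " + decrypt(keyFromDisk, stored));

        // ECB has no IV: equal passwords always give equal ciphertexts.
        System.out.println("same ciphertext again: " + stored.equals(encrypt(key, "SA")));
        Files.delete(keyFile);
    }
}
```
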
Monolith architecture

Microservices architecture?

https://vaultproject.io/
A tool for managing secrets

Vault features
- Secure Secret Storage
- Dynamic Secrets
- Data Encryption
- Leasing, Renewing, Revocation
- Auditing
- ACL
- Multiple Authentication Methods
- REST API

Secure secret storage

Let's see in action

Microservices approach

App ID auth

App ID
- Random Unique Chunk
- Unique to Application (aka Service)
- Generated by Operator
- Stored in Configuration Management

User ID
- Intrinsic Properties
- Unique to Instance
- Generated by Cloud Init Script

Login: each service with the tuple {App ID, User ID}

Let's see in action

Example with Docker

Let's wind down

Vault is a service

There is no silver bullet

Questions

http://lordofthejars.github.io/vault_devoxx/

asotobu@gmail.com