4it techELITE – Secure Secrets Management
A forum for sharing deepdives into technical issues in the world of IT.
|6:05pm||Jake Hall “Secrets are hard to manage…”|
|6:40pm||Followed by Q&A|
4it techELITE is designed to provide a non-commercial forum for the presentation and exchange of ideas relating to current technical issues in the world of IT.
Jake Hall, Principal Consultant at Infinity Works: “Secrets are hard to manage…”
Secrets are everywhere and needed for everything from connecting to third parties to local databases.
It’s all too easy to end up with plaintext passwords in Git, have a number of static credentials that may or may not be the same across multiple environments or have no secret rolling strategy at all.
Using Jakes learnings over the past 6 years of consulting and seeing it done the wrong way (and having to correct it!), this talk shows how to manage your passwords, connection details, API tokens and other application secrets in a more secure way.
It also includes a look at Hashicorp Vault, including some of the lesser known features, and a live demo of how it works.
Jake mentions a couple of links in his talk, they are here:
And you can find more on Jake here: https://www.devseccon.com/tel-aviv-2019/speaker/jake-hall/
Principal Consultant at Infinity Works
Jake is a Consultant Platform engineer. He specialises in transforming company cultures towards a more Agile and DevOps mindset. This includes changing ways of working, building tools and implementing continuous deployment pipelines.
His most recent gig includes leading a fin-tech startup focusing on delivering the right way, not the easy way. Whilst building something valuable to the customer he’s also lead the charge on laying the foundations to take the product global.
He has also worked with a global asset management company to develop their Agile culture from scratch whilst shipping code to AWS faster.
His current bug bear is secrets management, and how many projects and teams are struggling to handle them securely, and properly.