Microservice Secrets

•

0 likes•53 views

J

A quick discussion on managing microservice secrets

MICROSECRETS
HANDLING SECRET VALUES IN MICROSERVICES

Everyone Has Secrets
Database Credentials

API Keys

Encryption Keys

IS IT SAFE?

Safe Secrets
Never stored in plain text

Never transmitted in plain text

Decrypted on demand

Access Controls

Audit-able

Our Requirements
Eﬀortless HA (Serverless?)

ACLs and Auditing

Decrypt at Runtime

Version with the code

Simple initial trust (ec2)

Runtime agnostic

Options for getting secrets
Service Access Storage ACL Versioning HA Simplicity?
Hashicorp
Vault
HTTPS Various ✅ 🚫? ✅ 😓
K8s
Secrets
ENV /
File
Etcd
RBAC
/ ns
🚫? ✅ 😅
Credstash
/Conﬁdant
HTTPS
API
Dynamo
DB
✅ ✅ ✅ 😅
Spring
Cloud
HTTPS
Git /
Various
? ✅? 😑 😑
AWS SSM
Params
HTTPS
API
(Probably
DDB)
✅ ✅ ✅ 😅

Options for getting secrets
Service Access Storage ACL Versioning HA Simplicity?
Blackbox GPG/File
File/
SCM
🚫 ✅ ✅ 😑
Sneaker File S3 ✅ ✅ ✅ 😅
SOPS
KMS
GPG File
File/
SCM
✅ ✅ ✅ 😅
DIY ? ? ? ? ? 😫
DIY w/
KMS
API? ? ✅ ? ? 😕

GITHUB.COM/IBOTTA/SOPSTOOL
SOPS WRAPPER FOR MANY FILES

Mozilla SOPS
+ Ibotta sopstool
Multiple ﬁles, versioned along with code

No drift, keep version history

JSON/YAML encrypt values, others whole ﬁle

Encrypted via KMS Keys, AES

No server (well, kms). Audit log, ACL included

Entrypoint command decrypts and executes

Limited lifetime

– WERNER VOGELS, AWS CTO
RE:INVENT 2017 (AND 2016)

DENVER MICROSERVICES
PROJECT
DATE CLIENT
28MAR2018
THANKS
GITHUB.COM/IBOTTA/SOPSTOOL

More Related Content

What's hot

apidays LIVE Paris 2021 - Using OpenAPI to configure your API Gateway by Ole ...

apidays LIVE Paris 2021 - Using OpenAPI to configure your API Gateway by Ole ...

apidays LIVE Paris 2021 - Using OpenAPI to configure your API Gateway by Ole ...

DevDay: Creating an Awesome Developer Experience for Corda, Web3 Labs

DevDay: Creating an Awesome Developer Experience for Corda, Web3 Labs

DevDay: Creating an Awesome Developer Experience for Corda, Web3 Labs

apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...

apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...

apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...

Serverless Security: Are you ready for the Future?

Serverless Security: Are you ready for the Future?

Serverless Security: Are you ready for the Future?

YouTube Video https://youtu.be/zmFU54Apyn8 Speaker John Gethoefer | Principal Software Engineer | Bumped, Inc. Abstract Get started with Smart Contracts and the Solidity™ language. In this presentation, you'll receive an introduction to Solidity, a programming language for creating smart contracts for Ethereum and Hedera Hashgraph. You will learn step-by-step procedures to creating a simple smart contract and explore best practices for testing and developing distributed applications (Dapps).

Smart Contracts: From Zero to Dapp Hero | Hedera18

Smart Contracts: From Zero to Dapp Hero | Hedera18

Smart Contracts: From Zero to Dapp Hero | Hedera18

Hedera Hashgraph

About the webinar The use of an API gateway and the move to microservices are two of the most important trends in application development. But are they similar, or different; complementary, or contradictory? In this webinar, we discuss the advantages of an API gateway, the advantages of microservices development, and how and when they can work together. The NGINX Microservices Reference Architecture (MRA) uses three different network architectures, with service mesh as a fourth. We describe how an API gateway relates to each of these network architectures and how to reduce rework if your application needs to evolve from one architecture to another. Speakers: Charles Pretzer, Technical Architect, NGINX, Inc. Floyd Smith, Director of Content Marketing, NGINX, Inc.

Using an API Gateway for Microservices

Using an API Gateway for Microservices

Using an API Gateway for Microservices

The Security Capabilities of Everything IP

The Security Capabilities of Everything IP

The Security Capabilities of Everything IP

Distributed tracing with OpenTracing and Jaeger @ getstream.io

Distributed tracing with OpenTracing and Jaeger @ getstream.io

Distributed tracing with OpenTracing and Jaeger @ getstream.io

Kubernetes has been called the "platform of platforms" and the final major evolutionary step of cloud native computing. What's needed to build an API Platform on it? A great developer experience? An API Marketplace for managing all APIs together in one place? Auto build and deploy onto multiple flavors of K8s? Multi-tenancy? SaaS model hosting with multi-tenancy? Team based development? Ability to create new microservices and APIs? Support for sync and async protocols? Analytics? Metering, monitoring, policy enforcement? What else? Are we done? Or will we need to rebuild the platform again on serverless functions? Watch Recording : https://youtu.be/kQjETt_c8Ac

[APIdays INTERFACE 2021] Now that we have K8s, can we stop re-inventing API p...

[APIdays INTERFACE 2021] Now that we have K8s, can we stop re-inventing API p...

[APIdays INTERFACE 2021] Now that we have K8s, can we stop re-inventing API p...

On-demand recording: https://www.nginx.com/resources/webinars/istio-move-to-microservices-service-mesh/ About the webinar NGINX is widely known, used, and trusted for a variety of purposes. NGINX works as a reliable, high-performance web server, reverse proxy server, and load balancer. NGINX is also a widely used microservices hub, an Ingress controller for Kubernetes, and a sidecar proxy in the Istio service mesh. In this webinar, we’ll describe the move to microservices, the crucial role that NGINX has already played, and a range of architectural options that organizations have for their microservices apps, including three progressively complex models in the NGINX Microservices Reference Architecture. We’ll then introduce the emergence of Kubernetes as a container orchestration framework, the use of service mesh architectures, and the design of Istio. We’ll finish by showing how NGINX Open Source and NGINX Plus can be used as the sidecar proxy in an Istio service mesh, bringing greater reliability and capability to your service mesh application.

NGINX, Istio, and the Move to Microservices and Service Mesh

NGINX, Istio, and the Move to Microservices and Service Mesh

NGINX, Istio, and the Move to Microservices and Service Mesh

Hedera Hashgraph San Francisco Meetup - A Complete Guide on Onboarding to the...

Hedera Hashgraph San Francisco Meetup - A Complete Guide on Onboarding to the...

Hedera Hashgraph San Francisco Meetup - A Complete Guide on Onboarding to the...

Hedera Hashgraph

NGINX KubeCon Copenhagen 2018

NGINX KubeCon Copenhagen 2018

NGINX KubeCon Copenhagen 2018

We are all now experiencing that remote working and virtual conferencing are important tools to stay connected. Not just in current circumstances but also in the wider future. That is why it is important to offer an easy-to-use, efficient, and quick replacement. Nextcloud is a platform for complete online collaboration and communication and can help to quickly adept and stay connected. Nextcloud is built by Nextcloud GmbH that has employees in home-offices in 11 countries and the Nextcloud Community which is spread all over the world. This talk gives an inside look at how Nextcloud GmbH works together with the Nextcloud community-building Nextcloud. It covers different communication channels that work for synchronous and asynchronous communication, how coordination in distributed teams works, and how good and efficient collaboration around documents is possible. Additionally, but also very important to share, this talk covers some of the challenges and solutions on how to successfully work across different countries, time zones, languages, and cultures.

stackconf 2021 | First hand experience: How Nextcloud stayed productive durin...

stackconf 2021 | First hand experience: How Nextcloud stayed productive durin...

stackconf 2021 | First hand experience: How Nextcloud stayed productive durin...

Microservices:  The phantom menace . Istio Service Mesh:  the new hope

Microservices:  The phantom menace . Istio Service Mesh:  the new hope

Microservices:  The phantom menace . Istio Service Mesh:  the new hope

On-demand recording: https://www.nginx.com/resources/webinars/mra-ama-part-6-service-mesh-models/ Speakers: Charles Pretzer Technical Architect NGINX, Inc. Floyd Smith Director of Content Marketing NGINX, Inc. About the webinar: In this webinar, two models of the NGINX Microservices Reference Architecture, the Router Mesh Model and the Fabric Model, are shown as successively more capable implementations of a service mesh architecture. We compare the MRA models to Istio, linkerd, and other service mesh architectures, and show how the NGINX Kubernetes Ingress Controller allows direct use of these other architectures. Attendees of the live webinar will have the opportunity to ask questions. Service mesh models are an emerging standard for microservices development and deployment. Popular architectures such as Istio and linkerd use a service mesh approach, including attributes such as load balancing capability, support for authorization and authentication, and use of the circuit breaker model for resiliency. Watch this webinar to learn: - Key problems solved by using a service mesh model for microservices _ How different service mesh architectures compare to each other - How to use NGINX service mesh models - the Router Mesh Model and Fabric Model of the MRA - How the Kubernetes Ingress Controller enables the use of NGINX in Istio, linkerd, and other service mesh models

MRA AMA Part 6: Service Mesh Models

MRA AMA Part 6: Service Mesh Models

MRA AMA Part 6: Service Mesh Models

INTERFACE, by apidays - Apache Cassandra now speaks developer with Stargate ...

INTERFACE, by apidays - Apache Cassandra now speaks developer with Stargate ...

INTERFACE, by apidays - Apache Cassandra now speaks developer with Stargate ...

Attend this webinar and learn how to manage the entire lifecycle of your APIs using NGINX Controller. This includes defining, publishing, securing, routing, monitoring, troubleshooting, and analyzing usage of your APIs to assess their value. Get an overview and demo of NGINX Controller’s API Management Module. Join this webinar to learn: - How to manage API definitions and their component resources, define upstream groups and their backend servers, and route resources to upstreams - How to boost developer productivity by enabling teams to deploy new APIs faster with environment‑specific, policy‑driven management - How to mitigate DDoS attacks and protect your applications from being flooded with malicious or errant API calls by setting rate limits - How you can meet and exceed SLAs by finding the root cause of performance issues and troubleshooting them quickly https://www.nginx.com/resources/webinars/full-lifecycle-api-management-nginx-controller/

Achieve Full API Lifecycle Management Using NGINX Controller

Achieve Full API Lifecycle Management Using NGINX Controller

Achieve Full API Lifecycle Management Using NGINX Controller

Event-Driven Microservices With NATS Streaming

Event-Driven Microservices With NATS Streaming

Event-Driven Microservices With NATS Streaming

Since 2008, Netflix has been on the cutting edge of cloud-based microservices deployments. In 2017, Netflix is recognized as one of the industry leaders at building and operating “cloud native” systems at scale. Like many organizations, Netflix has unique security requirements for many of their workloads. This variety requires a holistic approach to authorization to address “who can do what” across a range of resources, enforcement points, and execution environments. In this talk, Manish Mehta (Senior Security Software Engineer at Netflix) and Torin Sandall (Technical Lead of the Open Policy Agent project) will present how Netflix is solving authorization across the stack in cloud native environments. The presentation shows how Netflix enforces authorization decisions at scale across various kinds of resources (e.g., HTTP APIs, gRPC methods, SSH), enforcement points (e.g., microservices, proxies, host-level daemons), and execution environments (e.g., VMs, containers) without introducing unreasonable latency. The presentation includes a deep dive into the architecture of the cloud native authorization system at Netflix as well as how authorization decisions can be offloaded to an open source, general-purpose policy engine (Open Policy Agent). This talk is targeted at engineers building and operating cloud native systems who are interested in security and authorization. The audience can expect to take away fresh ideas about how to enforce fine-grained authorization policies across stackthe cloud environment.

How Netflix Is Solving Authorization Across Their Cloud

How Netflix Is Solving Authorization Across Their Cloud

How Netflix Is Solving Authorization Across Their Cloud

Kevin Jones, Global Consulting Engineer from NGINX San Francisco, preseentation about how to accelerate your journey to microservices with a modernised full API lifecycle management solution. Learn how to cut costs, improve performance, and reduce load on API endpoints. This presentation, covers: All elements of full lifecycle management including API creation, securing your backend infrastructure, managing traffic, and ongoing monitoring. Innovative architecture that doesn't involve additional microgateways to process API calls Differentiated pricing model that does not penalize API adoption

APIs: Intelligent Routing, Security, & Management

APIs: Intelligent Routing, Security, & Management

APIs: Intelligent Routing, Security, & Management

What's hot (20)

apidays LIVE Paris 2021 - Using OpenAPI to configure your API Gateway by Ole ...

apidays LIVE Paris 2021 - Using OpenAPI to configure your API Gateway by Ole ...

apidays LIVE Paris 2021 - Using OpenAPI to configure your API Gateway by Ole ...

DevDay: Creating an Awesome Developer Experience for Corda, Web3 Labs

DevDay: Creating an Awesome Developer Experience for Corda, Web3 Labs

DevDay: Creating an Awesome Developer Experience for Corda, Web3 Labs

apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...

apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...

apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...

Serverless Security: Are you ready for the Future?

Serverless Security: Are you ready for the Future?

Serverless Security: Are you ready for the Future?

Smart Contracts: From Zero to Dapp Hero | Hedera18

Smart Contracts: From Zero to Dapp Hero | Hedera18

Smart Contracts: From Zero to Dapp Hero | Hedera18

Using an API Gateway for Microservices

Using an API Gateway for Microservices

Using an API Gateway for Microservices

The Security Capabilities of Everything IP

The Security Capabilities of Everything IP

The Security Capabilities of Everything IP

Distributed tracing with OpenTracing and Jaeger @ getstream.io

Distributed tracing with OpenTracing and Jaeger @ getstream.io

Distributed tracing with OpenTracing and Jaeger @ getstream.io

[APIdays INTERFACE 2021] Now that we have K8s, can we stop re-inventing API p...

[APIdays INTERFACE 2021] Now that we have K8s, can we stop re-inventing API p...

[APIdays INTERFACE 2021] Now that we have K8s, can we stop re-inventing API p...

NGINX, Istio, and the Move to Microservices and Service Mesh

NGINX, Istio, and the Move to Microservices and Service Mesh

NGINX, Istio, and the Move to Microservices and Service Mesh

Hedera Hashgraph San Francisco Meetup - A Complete Guide on Onboarding to the...

Hedera Hashgraph San Francisco Meetup - A Complete Guide on Onboarding to the...

Hedera Hashgraph San Francisco Meetup - A Complete Guide on Onboarding to the...

NGINX KubeCon Copenhagen 2018

NGINX KubeCon Copenhagen 2018

NGINX KubeCon Copenhagen 2018

stackconf 2021 | First hand experience: How Nextcloud stayed productive durin...

stackconf 2021 | First hand experience: How Nextcloud stayed productive durin...

stackconf 2021 | First hand experience: How Nextcloud stayed productive durin...

Microservices:  The phantom menace . Istio Service Mesh:  the new hope

Microservices:  The phantom menace . Istio Service Mesh:  the new hope

Microservices:  The phantom menace . Istio Service Mesh:  the new hope

MRA AMA Part 6: Service Mesh Models

MRA AMA Part 6: Service Mesh Models

MRA AMA Part 6: Service Mesh Models

INTERFACE, by apidays - Apache Cassandra now speaks developer with Stargate ...

INTERFACE, by apidays - Apache Cassandra now speaks developer with Stargate ...

INTERFACE, by apidays - Apache Cassandra now speaks developer with Stargate ...

Achieve Full API Lifecycle Management Using NGINX Controller

Achieve Full API Lifecycle Management Using NGINX Controller

Achieve Full API Lifecycle Management Using NGINX Controller

Event-Driven Microservices With NATS Streaming

Event-Driven Microservices With NATS Streaming

Event-Driven Microservices With NATS Streaming

How Netflix Is Solving Authorization Across Their Cloud

How Netflix Is Solving Authorization Across Their Cloud

How Netflix Is Solving Authorization Across Their Cloud

APIs: Intelligent Routing, Security, & Management

APIs: Intelligent Routing, Security, & Management

APIs: Intelligent Routing, Security, & Management

Similar to Microservice Secrets

We're building a storage engine for MongoDB that provides encryption at rest. When we first set out to do this, the questions were many: how do you protect database encryption keys in a distributed environment, where all the code is open source? Can you optimize performance despite the extra steps of encryption and decryption? And most importantly, how do you make the protection mechanisms easy-to-use yet secure? This talk covers the requirements we gathered, the issues we faced, and the design decisions we made. It is aimed at those interested in security, storage engines, and the engineering process.

Engineering an Encrypted Storage Engine

Engineering an Encrypted Storage Engine

Engineering an Encrypted Storage Engine

Credential store using HashiCorp Vault

Credential store using HashiCorp Vault

Credential store using HashiCorp Vault

NGINX is one of the most popular images on Docker Hub and has been at the forefront of the web since the early 2000's. In this talk we will discuss how and why NGINX's lightweight and powerful architecture makes it a very popular choice for securing containerized applications as a sidecar reverse proxy within containers. We will highlight important aspects of application security that NGINX can help with, such as TLS, HTTP, AuthN, AuthZ and traffic control.Additional Sponsor InformationDuring our session we will be Raffling off a swag pack to live attendees. We'll also be offering 30% off our swag store that can be shared via social. Details below:URL: swag-nginx.com Code: DOCKERCON30 Value: 30% off

DockerCon Live 2020 - Securing Your Containerized Application with NGINX

DockerCon Live 2020 - Securing Your Containerized Application with NGINX

DockerCon Live 2020 - Securing Your Containerized Application with NGINX

Apigee Edge: Intro to Microgateway

Apigee Edge: Intro to Microgateway

Apigee Edge: Intro to Microgateway

Apigee | Google Cloud

Secret Management Architectures

Secret Management Architectures

Secret Management Architectures

Stenio Ferreira

Do you want client-side encryption for your service, but don’t know exactly where to start? In this hands-on workshop, we review your client-side encryption options and explore implementing client-side encryption using the AWS Encryption SDK in Java, Python, and C. We cover the basics of client-side encryption, perform encrypt and decrypt operations using AWS KMS and the AWS Encryption SDK, and discuss security and performance considerations when implementing client-side encryption in your service. Bring a laptop, and be sure that you have an active AWS account with Administrator privileges before the workshop.

AWS Encryption SDK: The Busy Engineer's Guide to Client-Side Encryption (SEC3...

AWS Encryption SDK: The Busy Engineer's Guide to Client-Side Encryption (SEC3...

AWS Encryption SDK: The Busy Engineer's Guide to Client-Side Encryption (SEC3...

Amazon Web Services

Encrypting high-value content has long been a challenge for media customers. The number of digital rights management (DRM) schemes, transcoding and packaging vendors, and packaging formats created hundreds of potential integration points, each requiring extensive engineering resources and time. The Secure Packager and Encoder Key Exchange (SPEKE) is a single, open REST API specification for authentication and key exchange between DRM platforms and encryptors (transcoders and packagers) that reduces the number of integration points and accelerates time-to-market for customers for on-premises, hybrid, and cloud video workflows. In this session, learn about the SPEKE API and the Content Protection Information Exchange (CPIX) format, and how SPEKE establishes secure key exchange using Amazon API Gateway, document encryption, IAM roles, and Signature Version 4 signing for live and file-based video workflows.

SPEKE-ing of Content Protection & DRM (MAE302) - AWS re:Invent 2018

SPEKE-ing of Content Protection & DRM (MAE302) - AWS re:Invent 2018

SPEKE-ing of Content Protection & DRM (MAE302) - AWS re:Invent 2018

Amazon Web Services

This is a presentation I held at a local Azure user group. The session abstract: Azure Key Vault is a tool for securely storing and accessing secrets. We will go through a popular Azure PaaS Architecture pattern using Key Vault to store a password. I will demo and walk through the general configuration of a dedicated Azure Function app, Azure SQL and Key Vault that was deployed with automation. I will then go through fairly advanced techniques and best practices on how to deploy Azure Key Vault and a password secret with ARM templates. Finally, a very brief look at my Azure DevOps Pipeline to deploy the ARM template. You will come away with an understanding of an applied use case of leveraging Azure Key vault for a PaaS solution in better managing a password secret.

Azure Key Vault with a PaaS Architecture and ARM Template Deployment

Azure Key Vault with a PaaS Architecture and ARM Template Deployment

Azure Key Vault with a PaaS Architecture and ARM Template Deployment

Managing secrets in a distributed cloud world requires a new approach to security. Applications and systems are now frequently created and destroyed. The network between distributed clouds, applications, and systems is low-trust, furthering the complexities of secrets sprawl. So, what is the solution? HashiCorp Vault seeks to solve the problem of secret sprawl by centralizing secrets management in a scalable, repeatable workflow to be able to create, manage, and revoke secrets as needed. Watch this webinar to learn: - How Vault addresses today’s security threats - How security teams can use Vault to store and manage all their secrets across their private and public infrastructure, globally. - How Adobe reduced secret sprawl, increased operational performance of a key security process, and processes 100 trillion transactions with Vault For full webinar recording: https://hashicorp.com/resources/eliminating-secret-sprawl-in-the-cloud

Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018

Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018

Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018

In this talk I will show how to save secret keys in Docker containers and K8s in production and best practices for saving and securing distribution of secrets. With Docker and k8s secrets we can manage information related to keys that are needed at runtime but cannot be exposed in the Docker image or source code repository. These could be the main talking points: 1.Challenges of security and secret keys in containers 2.Best practices for saving and securing distribution of secrets in Docker Containers 3.Managing secrets in Kubernetes using volumes and sealed-secrets 4.Other tools for distributing secrets in containers like Hashicorp Vault and KeyWhiz

Sharing secret keys in Docker containers and K8s

Sharing secret keys in Docker containers and K8s

Sharing secret keys in Docker containers and K8s

Jose Manuel Ortega Candel

DevOps toolchains are transforming modern IT, but hackers can undermine their benefits through poorly implemented or vulnerable DevOps tools. Chris Gates and Ken Johnson will share their collaborative attack research into the technology driving DevOps. They will share an attacker's perspective on exploiting DevOps organizations and the countermeasures these organizations should employ. RSAC 2017 Ken Johnson & Chris Gates

DevOOPS: Attacks and Defenses for DevOps Toolchains

DevOOPS: Attacks and Defenses for DevOps Toolchains

DevOOPS: Attacks and Defenses for DevOps Toolchains

by Brad Dispensa, Sr. Solutions Architect, AWS Operating a security practice on AWS brings many new challenges that haven't been faced in data center environments. The dynamic nature of infrastructure, the relationship between development team members and their applications, and the architecture paradigms have all changed as a result of building software on top of AWS. In this session we will cover how you can use secure configuration and automation to monitor, audit, and enforce your security policies within an AWS environment. Level 200

Secure Configuration and Automation Overview

Secure Configuration and Automation Overview

Secure Configuration and Automation Overview

Amazon Web Services

Practical Cryptography and Security Concepts for Developers

Practical Cryptography and Security Concepts for Developers

Practical Cryptography and Security Concepts for Developers

Gökhan Şengün

Transparent Data Encryption for SharePoint Content Databases

Transparent Data Encryption for SharePoint Content Databases

Transparent Data Encryption for SharePoint Content Databases

The Internet of Things presents both a challenge and opportunity for identity management - a challenge because existing mechanisms for authentication & authorization must be extended and adapted for the particular constraints of devices (both legacy and new) and an opportunity because the devices that users more and more carry with them offer new abilities to enable a more seamless authentication experience for those users. Both of these aspects demand a consistent, cohesive and interoperable identity layer across IoT verticals, platforms, and protocols. Critically, we need an identity layer that acknowledges the full continuum of risk (and so appropriate security measures) that the IoT presents. Good security means knowing who entities (both device & user) are and what they should or should not be allowed to do. Good privacy requires that users will be able to control how their devices collect, store and share data. This talk will examine how existing & new tools (like OAuth, UMA, FIDO, and DLTs) may help meet these fundamental requirements for securing the IoT. (Source: RSA Conference USA 2018)

Identity-Based Security and Privacy for the Internet of Things

Identity-Based Security and Privacy for the Internet of Things

Identity-Based Security and Privacy for the Internet of Things

How do you securely deliver high-quality video streaming on AWS, to reach your audience in multiple countries? Using Wowza Streaming Engine™ software through AWS Marketplace, you can deploy and operate streaming applications from UGC to high definition video streams. You can model your application stack with layers that define building blocks of your application in a highly available and self-healing architecture. In this webinar, you will learn how to quickly launch virtual Wowza Streaming Engine servers on Amazon EC2 from AWS Marketplace, pull on-demand content for live streams, set up a live workflow, tie with AWS KMS for encryption and key management and deliver streams globally using Amazon CloudFront and Amazon Route 53. You will also learn the secure VOD workflow using Amazon Elastic Transcoder, Amazon S3, Amazon CloudFront and AWS KMS and deploy a completely automated end-to-end workflow without servers, enabling you to reach a wide range of user devices across the globe. Learning Objectives: • How to deploy encrypted streaming (live and VOD) application using AWS Marketplace and other AWS products (Amazon S3, Amazon Elastic Transcoder, Amazon CloudFront, AWS KMS, and Amazon Route 53) • How to manage and configure Amazon EC2 instances based on the number of streams and users • How to deploy fully automated applications using services and software from AWS and AWS Marketplace partner solutions Who Should Attend: • Developers, Dev-Ops Engineers, Media IT Operations Professionals, and Marketing Technology Manager

AWS April Webinar Series - Securely Deliver High Quality Content with AWS and...

AWS April Webinar Series - Securely Deliver High Quality Content with AWS and...

AWS April Webinar Series - Securely Deliver High Quality Content with AWS and...

Amazon Web Services

Highly secure content delivery at global scale with amazon cloudfront

Highly secure content delivery at global scale with amazon cloudfront

Highly secure content delivery at global scale with amazon cloudfront

Amazon Web Services

From Java 17 to 21- A Showcase of JDK Security Enhancements

From Java 17 to 21- A Showcase of JDK Security Enhancements

From Java 17 to 21- A Showcase of JDK Security Enhancements

Ana-Maria Mihalceanu

Catch the full webinar here: https://www.beyondtrust.com/resources/webinar/eyes-wide-shut-passwords-no-one-watching/?access_code=a4cd9bc071c923daab48132b0bb2e4f3 Check out this presentation from the intensivewebinar of Paula Januszkiewicz, CEO CQURE, penetration tester and mentor of CQURE Academy. Paula demonstrates common encryption and decryption password in use today, with an eye toward revealing technology holes and weaknesses that put passwords at risk. Paula will also demonstrate how to locate passwords in some unexpected places, and then walk you through mitigation of these risks.

Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?

Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?

Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?

You know you want client-side encryption for your service but you don’t know exactly where to start. Join us for a hands-on workshop where we review some of your client-side encryption options and explore implementing client-side encryption using the AWS Encryption SDK. In this session, we cover the basics of client-side encryption, perform encrypt and decrypt operations using AWS KMS and the AWS Encryption SDK, and discuss security and performance considerations when implementing client-side encryption in your service.

SID345-AWS Encryption SDK The Busy Engineer’s Guide to Client-Side Encryption

SID345-AWS Encryption SDK The Busy Engineer’s Guide to Client-Side Encryption

SID345-AWS Encryption SDK The Busy Engineer’s Guide to Client-Side Encryption

Amazon Web Services

Similar to Microservice Secrets (20)

Engineering an Encrypted Storage Engine

Engineering an Encrypted Storage Engine

Engineering an Encrypted Storage Engine

Credential store using HashiCorp Vault

Credential store using HashiCorp Vault

Credential store using HashiCorp Vault

DockerCon Live 2020 - Securing Your Containerized Application with NGINX

DockerCon Live 2020 - Securing Your Containerized Application with NGINX

DockerCon Live 2020 - Securing Your Containerized Application with NGINX

Apigee Edge: Intro to Microgateway

Apigee Edge: Intro to Microgateway

Apigee Edge: Intro to Microgateway

Secret Management Architectures

Secret Management Architectures

Secret Management Architectures

AWS Encryption SDK: The Busy Engineer's Guide to Client-Side Encryption (SEC3...

AWS Encryption SDK: The Busy Engineer's Guide to Client-Side Encryption (SEC3...

AWS Encryption SDK: The Busy Engineer's Guide to Client-Side Encryption (SEC3...

SPEKE-ing of Content Protection & DRM (MAE302) - AWS re:Invent 2018

SPEKE-ing of Content Protection & DRM (MAE302) - AWS re:Invent 2018

SPEKE-ing of Content Protection & DRM (MAE302) - AWS re:Invent 2018

Azure Key Vault with a PaaS Architecture and ARM Template Deployment

Azure Key Vault with a PaaS Architecture and ARM Template Deployment

Azure Key Vault with a PaaS Architecture and ARM Template Deployment

Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018

Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018

Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018

Sharing secret keys in Docker containers and K8s

Sharing secret keys in Docker containers and K8s

Sharing secret keys in Docker containers and K8s

DevOOPS: Attacks and Defenses for DevOps Toolchains

DevOOPS: Attacks and Defenses for DevOps Toolchains

DevOOPS: Attacks and Defenses for DevOps Toolchains

Secure Configuration and Automation Overview

Secure Configuration and Automation Overview

Secure Configuration and Automation Overview

Practical Cryptography and Security Concepts for Developers

Practical Cryptography and Security Concepts for Developers

Practical Cryptography and Security Concepts for Developers

Transparent Data Encryption for SharePoint Content Databases

Transparent Data Encryption for SharePoint Content Databases

Transparent Data Encryption for SharePoint Content Databases

Identity-Based Security and Privacy for the Internet of Things

Identity-Based Security and Privacy for the Internet of Things

Identity-Based Security and Privacy for the Internet of Things

AWS April Webinar Series - Securely Deliver High Quality Content with AWS and...

AWS April Webinar Series - Securely Deliver High Quality Content with AWS and...

AWS April Webinar Series - Securely Deliver High Quality Content with AWS and...

Highly secure content delivery at global scale with amazon cloudfront

Highly secure content delivery at global scale with amazon cloudfront

Highly secure content delivery at global scale with amazon cloudfront

From Java 17 to 21- A Showcase of JDK Security Enhancements

From Java 17 to 21- A Showcase of JDK Security Enhancements

From Java 17 to 21- A Showcase of JDK Security Enhancements

Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?

Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?

Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?

SID345-AWS Encryption SDK The Busy Engineer’s Guide to Client-Side Encryption

SID345-AWS Encryption SDK The Busy Engineer’s Guide to Client-Side Encryption

SID345-AWS Encryption SDK The Busy Engineer’s Guide to Client-Side Encryption

Recently uploaded

In the dynamic field of DevOps, the quest for efficiency and productivity is endless. This talk introduces a revolutionary toolkit: Large Language Models (LLMs), including ChatGPT, Gemini, and Claude, extending far beyond traditional coding assistance. We'll explore how LLMs can automate not just code generation, but also transform day-to-day operations such as crafting compelling cover letters for TPS reports, streamlining client communications, and architecting innovative DevOps solutions. Attendees will learn effective prompting strategies and examine real-life use cases, demonstrating LLMs' potential to redefine productivity in the DevOps landscape. Join us to discover how to harness the power of LLMs for a comprehensive productivity boost across your DevOps activities.

ChatGPT and Beyond - Elevating DevOps Productivity

ChatGPT and Beyond - Elevating DevOps Productivity

ChatGPT and Beyond - Elevating DevOps Productivity

VictorSzoltysek

In today's digital world, trust is key to customer relationships, but keeping it is a huge challenge. Customers are well-informed and empowered, quick to change brands if their trust is broken, even if it costs them more. This puts a lot of pressure on organizations to handle trust and safety issues with great care and transparency. The challenge, however, is real. Fragmented solutions have left privacy, legal, and security teams in a perpetual cycle of catch-up, struggling to update privacy notices, manage customer data rights, and answer lengthy security questionnaires—all while trying to prove ROI to the business. It's a thankless job, filled with repetition, tedious tasks, and constant interdepartmental coordination. Combine this with fast regulatory changes and the quick evolution of AI, and it becomes overwhelming. Join this webinar to learn more about TrustArc's new innovative solution Trust Center, the only unified, no-code online hub for trust and safety information built for privacy, security, compliance, and legal teams. Trust Center streamlines your path to compliance, shortens the pre-sales cycle, and reduces both legal and regulatory risks, saving time, effort, and cost. This webinar will review: - Why companies are building unified Trust Centers for a robust privacy program. - How unified Trust Centers streamline sales cycles, ensure regulatory compliance, and reduce operational bottlenecks. - How compliance, legal, security, GRC, and privacy teams benefit from a unified Trust Center in terms of needs, pains, and outcomes. - How TrustArc Trust Center saves time and work while reducing legal, reputational, and compliance risk by effectively managing policies, notices, terms, and disclosures, and providing real-time updates on subprocessors.

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

How to Check CNIC Information Online with Pakdata cf

How to Check CNIC Information Online with Pakdata cf

How to Check CNIC Information Online with Pakdata cf

Introduction to use of FHIR Documents in ABDM

Introduction to use of FHIR Documents in ABDM

Introduction to use of FHIR Documents in ABDM

Introduction to FIDO Authentication and Passkeys.pptx

Introduction to FIDO Authentication and Passkeys.pptx

Introduction to FIDO Authentication and Passkeys.pptx

Webinar Recording: https://www.panagenda.com/webinars/easier-faster-and-more-powerful-notes-document-properties-reimagined/ Have you ever felt frustrated by the small properties dialog in Notes? Had to create an agent or button to quickly change a field? Searched endlessly for the field you wanted to compare each time you selected a new document? Wished you could just make the damned thing bigger? Luckily, there is a solution – and you probably already have it installed! With the free panagenda Document Properties (Pro) you get the properties dialog you always needed. Big, resizable, full-text searchable. View multiple documents at once or compare them with a diff viewer. Modify any field, and finally have an easy way to handle profile documents for all users. Join HCL Lifetime Ambassador Julian Robichaux to discover how Document Properties can simplify your work and assist you daily when using Domino applications – in the client or the designer. You will never look back! Key takeaways from this session - What Document Properties is, which editions there are, and how you can find it in Notes and Domino Designer - How you can search for and edit any field, compare documents, or CSV export all data - How to find, edit, and even delete profile documents - Which configuration settings are available to customize feature

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

State of the Smart Building Startup Landscape 2024!

State of the Smart Building Startup Landscape 2024!

State of the Smart Building Startup Landscape 2024!

CORS (Kitworks Team Study 양다윗 발표자료 240510)

CORS (Kitworks Team Study 양다윗 발표자료 240510)

CORS (Kitworks Team Study 양다윗 발표자료 240510)

The presentation was made in “Web3 Fusion: Embracing AI and Beyond” is more than a conference; it's a journey into the heart of digital transformation. The conference a provided a platform where the future of technology meets practical application. This three-day hybrid event, set in the heart of innovation, served as a gateway to the latest trends and transformative discussions in AI, Blockchain, IoT, AR/VR, and their collective impact on the information space.

AI in Action: Real World Use Cases by Anitaraj

AI in Action: Real World Use Cases by Anitaraj

AI in Action: Real World Use Cases by Anitaraj

Event-Driven Architecture Masterclass: Challenges in Stream Processing

Event-Driven Architecture Masterclass: Challenges in Stream Processing

Event-Driven Architecture Masterclass: Challenges in Stream Processing

Microsoft CSP Briefing Pre-Engagement - Questionnaire

Microsoft CSP Briefing Pre-Engagement - Questionnaire

Microsoft CSP Briefing Pre-Engagement - Questionnaire

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

ADP Passwordless Journey Case Study.pptx

ADP Passwordless Journey Case Study.pptx

ADP Passwordless Journey Case Study.pptx

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

marcuskenyatta275

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

Leah Henrickson

At Skynet Technologies, our team of accessibility experts performs automated, semi-automated, and manual audits of websites and web applications as per WCAG 2.2 level AA, ADA, and section 508. Based on evaluations of the accessibility compliance level of the website’s UI, design, source code, navigation, interactive elements, and overall usability, we will provide a digital accessibility evaluation report with in-depth details of potential accessibility barriers and remediation recommendations. Get a manual website WCAG audit (2.0, 2.1, 2.2 level AA) for a small website: 10 pages: $2,500 within 7 business days 30 pages: $7,500 within 14 business days 50 pages: $12,500 within 28 business days For medium websites: 100 pages: $25,000 within 70 business days For larger websites or audits of all pages, please reach out hello@skynettechnologies.com.

Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...

Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...

Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...

Skynet Technologies

Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf

Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf

Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf

Hyatt driving innovation and exceptional customer experiences with FIDO passw...

Hyatt driving innovation and exceptional customer experiences with FIDO passw...

Hyatt driving innovation and exceptional customer experiences with FIDO passw...

JohnPollard-hybrid-app-RailsConf2024.pptx

JohnPollard-hybrid-app-RailsConf2024.pptx

JohnPollard-hybrid-app-RailsConf2024.pptx

Recently uploaded (20)

ChatGPT and Beyond - Elevating DevOps Productivity

ChatGPT and Beyond - Elevating DevOps Productivity

ChatGPT and Beyond - Elevating DevOps Productivity

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

How to Check CNIC Information Online with Pakdata cf

How to Check CNIC Information Online with Pakdata cf

How to Check CNIC Information Online with Pakdata cf

Introduction to use of FHIR Documents in ABDM

Introduction to use of FHIR Documents in ABDM

Introduction to use of FHIR Documents in ABDM

Introduction to FIDO Authentication and Passkeys.pptx

Introduction to FIDO Authentication and Passkeys.pptx

Introduction to FIDO Authentication and Passkeys.pptx

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

Easier, Faster, and More Powerful – Notes Document Properties Reimagined

State of the Smart Building Startup Landscape 2024!

State of the Smart Building Startup Landscape 2024!

State of the Smart Building Startup Landscape 2024!

CORS (Kitworks Team Study 양다윗 발표자료 240510)

CORS (Kitworks Team Study 양다윗 발표자료 240510)

CORS (Kitworks Team Study 양다윗 발표자료 240510)

AI in Action: Real World Use Cases by Anitaraj

AI in Action: Real World Use Cases by Anitaraj

AI in Action: Real World Use Cases by Anitaraj

Event-Driven Architecture Masterclass: Challenges in Stream Processing

Event-Driven Architecture Masterclass: Challenges in Stream Processing

Event-Driven Architecture Masterclass: Challenges in Stream Processing

Microsoft CSP Briefing Pre-Engagement - Questionnaire

Microsoft CSP Briefing Pre-Engagement - Questionnaire

Microsoft CSP Briefing Pre-Engagement - Questionnaire

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

ADP Passwordless Journey Case Study.pptx

ADP Passwordless Journey Case Study.pptx

ADP Passwordless Journey Case Study.pptx

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...

Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...

Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...

Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf

Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf

Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf

Hyatt driving innovation and exceptional customer experiences with FIDO passw...

Hyatt driving innovation and exceptional customer experiences with FIDO passw...

Hyatt driving innovation and exceptional customer experiences with FIDO passw...

JohnPollard-hybrid-app-RailsConf2024.pptx

JohnPollard-hybrid-app-RailsConf2024.pptx

JohnPollard-hybrid-app-RailsConf2024.pptx

Microservice Secrets

1. MICROSECRETS HANDLING SECRET VALUES IN MICROSERVICES

2. Everyone Has Secrets Database Credentials API Keys Encryption Keys

4. Safe Secrets Never stored in plain text Never transmitted in plain text Decrypted on demand Access Controls Audit-able

5. Our Requirements Eﬀortless HA (Serverless?) ACLs and Auditing Decrypt at Runtime Version with the code Simple initial trust (ec2) Runtime agnostic

6. Options for getting secrets Service Access Storage ACL Versioning HA Simplicity? Hashicorp Vault HTTPS Various ✅ 🚫? ✅ 😓 K8s Secrets ENV / File Etcd RBAC / ns 🚫? ✅ 😅 Credstash /Conﬁdant HTTPS API Dynamo DB ✅ ✅ ✅ 😅 Spring Cloud HTTPS Git / Various ? ✅? 😑 😑 AWS SSM Params HTTPS API (Probably DDB) ✅ ✅ ✅ 😅

7. Options for getting secrets Service Access Storage ACL Versioning HA Simplicity? Blackbox GPG/File File/ SCM 🚫 ✅ ✅ 😑 Sneaker File S3 ✅ ✅ ✅ 😅 SOPS KMS GPG File File/ SCM ✅ ✅ ✅ 😅 DIY ? ? ? ? ? 😫 DIY w/ KMS API? ? ✅ ? ? 😕

8. GITHUB.COM/IBOTTA/SOPSTOOL SOPS WRAPPER FOR MANY FILES

9. Mozilla SOPS + Ibotta sopstool Multiple ﬁles, versioned along with code No drift, keep version history JSON/YAML encrypt values, others whole ﬁle Encrypted via KMS Keys, AES No server (well, kms). Audit log, ACL included Entrypoint command decrypts and executes Limited lifetime

10. – WERNER VOGELS, AWS CTO RE:INVENT 2017 (AND 2016)

11. DENVER MICROSERVICES PROJECT DATE CLIENT 28MAR2018 THANKS GITHUB.COM/IBOTTA/SOPSTOOL