So you’ve scaled your app up to 1000 instances. Do they all share the same credentials for access to stateful resources? Then the attack surface for your stateful resources just got scaled up too. Automated secret management lets you focus on scaling up your app, not your risk of data compromise.
This talk aims to introduce some important considerations in attack surface management at scale, and provide some patterns and tips on integrating secret management workflows into Continuous Deployment infrastructure.
Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.
This document provides a deep dive on Amazon EC2 instances. It discusses how EC2 instances deliver performance through CPU, memory, and I/O capabilities while providing flexibility. It reviews the capabilities of specific instance types like C4, T2, I2, and the new X1 instances. It also discusses features like auto recovery, lifecycle hooks, and how to leverage other AWS services to optimize performance. The document contains charts showing the history and attributes of different EC2 instance types.
The document provides an overview of secret management solutions and architectures. It discusses what secrets are and why secret management is important. Some key points:
- Secrets include authentication credentials, API keys, passwords, and certificates that need access control. As services increase, so do secrets.
- An ideal secret management solution provides security, encryption, access control, auditing, ease of use, and integration with other tools.
- Version control systems and orchestration tools like Kubernetes can be used for secrets but have limitations compared to dedicated secret management solutions.
- AWS offers Parameter Store, Secrets Manager, and KMS for secret management. Parameter Store is generally recommended, while Secrets Manager is better for database
Learning Objectives:
- Learn how to make decisions about the service and share best practices and useful tips for success
- Learn about content-based routing, HTTP/2, and WebSockets
- Secure your web applications using TLS termination and AWS WAF on Application Load Balancer
Building PaaS with Amazon EKS for the Large-Scale, Highly Regulated Enterpris... - Amazon Web Services
Containers make it easy to build and deploy applications by abstracting away the underlying operating system. But how do you build secure and compliant containerized applications in a distributed environment, and without direct access to the operating system your code is running on? In this session, hear how Amazon Elastic Container Service for Kubernetes (Amazon EKS) is integrated into a large-scale regulated enterprise in the areas of network, security, CI/CD, and monitoring to cater to the needs of various business units. We cover the basics in each of these areas in Amazon EKS, and we hear from Fidelity on how it is driving its cloud strategy with Amazon EKS in the heavily regulated finance sector. We also share best practices and common architectures for building containerized applications in highly regulated industries.
AWS Solution Architect Associate certification covers key AWS services including compute, networking, storage, databases, deployment and management. The document provides an overview of cloud computing concepts like service models, deployment models and terminology. It also summarizes the history and growth of AWS including over 1 million active customers in 190 countries and $20 billion in annual revenue.
This presentation introduces users to the AWS KMS service and describes a couple of design patterns for implementing AWS KMS in a multi-account landing zone. It also covers the various KMS key types and how these keys can be used for encryption operations.
Securely access services hosted on AWS using AWS PrivateLink. Come to this session and learn the fundamentals of AWS PrivateLink, including VPC design, VPC endpoint, Network Load Balancer, and more. Discover the benefits and use cases for connecting your VPC with AWS-based services over AWS PrivateLink, and hear about the technologies that are related to AWS PrivateLink, such as AWS Direct Connect, Amazon Route 53, and other AWS services. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding how to connect their Amazon VPCs to SaaS services in a secure and scalable manner.
Amazon Inspector is a vulnerability assessment service that helps customers identify security vulnerabilities and deviations from best practices in their AWS environment. It automates security checks, integrates with DevOps workflows, and provides remediation guidance to help customers comply with frameworks like CIS benchmarks. The service scans infrastructure for vulnerabilities and exposures, with findings presented in a standardized format to facilitate automated remediation. Pricing is based on the number of "agent-assessments" performed.
A detailed look at the Amazon EKS architecture, including CNI/networking, IAM, provisioning, the shared responsibility model, Project Calico, load balancing, logging/metrics, CI/CD using AWS CodePipeline, CodeCommit, CodeBuild, Lambda, Amazon ECR and Parameter Store, and finally the use of Spot Instances, which could yield savings of 70-90% versus conventional on-demand EC2 instances.
With a minimum security baseline in place, you can host data—which means data protection is required. In this session, we discuss defining an encryption strategy and selecting native AWS tools (AWS KMS, AWS CloudHSM) or third-party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements.
Speaker: Nathan Case - Sr. Solutions Architect, AWS
The document discusses cloud computing security. It begins with an introduction to cloud computing that defines it and outlines its characteristics, service models, and deployment models. It then discusses common security concerns and attacks in cloud computing like DDoS attacks, side channel attacks, and attacks on management consoles. It provides best practices for different security domains like architecture, governance, compliance, and data security. It also discusses current industry initiatives in cloud security.
For more training on AWS, visit: https://www.qa.com/amazon
AWS Loft | London - Amazon Virtual Private Cloud by Andrew Kane, Solution Architect
April 18, 2016
This document provides an overview of AWS multi-account architecture best practices and strategies for implementing a "landing zone" on AWS. It discusses setting up accounts for master, core services, shared services, development sandboxes, and team/group environments. The document then outlines steps for implementing a landing zone using the AWS Landing Zone solution, including setting up accounts for shared services, log archives, security and establishing baselines across team accounts.
All You Need to Know about AWS Elastic Load Balancer - Cloudlytics
Elastic Load Balancer (ELB) distributes incoming application traffic across multiple Amazon EC2 instances, performs health checks on the instances, and directs traffic away from unhealthy instances to ensure application availability. ELBs scale automatically to match the incoming application traffic load, distributing traffic evenly across healthy EC2 instances. ELBs can distribute traffic to instances across availability zones for high availability.
Introduction to AWS VPC, Guidelines, and Best Practices - Gary Silverman
I crafted this presentation for the AWS Chicago Meetup. This deck covers the rationale, building blocks, guidelines, and several best practices for Amazon Web Services Virtual Private Cloud. I classify it as somewhere between a 101 and 201 level presentation.
If you like the presentation, I would appreciate you clicking the Like button.
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P... - Amazon Web Services
Amazon GuardDuty is a threat detection service that monitors AWS accounts and the applications within them for malicious or unauthorized behavior. It uses machine learning, threat intelligence feeds, and other techniques to detect both known and unknown threats. GuardDuty analyzes AWS CloudTrail logs, VPC flow logs, and DNS logs to generate detailed findings on issues like reconnaissance, unauthorized access, and crypto-currency mining. It also integrates with other AWS services like Lambda and CloudWatch Events.
The document discusses Amazon EKS (Elastic Kubernetes Service), which allows users to run Kubernetes on AWS. It highlights that EKS manages the control plane for users and provides native integrations with other AWS services like load balancers, IAM, and container registry. The document also summarizes key capabilities like high availability of the Kubernetes masters, networking options, version upgrades, and how to provision Kubernetes nodes on EKS.
This document is the master's thesis of Réka Szabó titled "Penetration testing of aws-based environments". The thesis investigates how penetration testing techniques can be applied specifically to AWS environments. It outlines a general penetration testing methodology for AWS, integrating existing tools into the process. A major focus is on authenticated penetration tests, where credentials are provided to allow testing for internal misconfigurations. The thesis contains chapters on AWS services, common AWS security issues, penetration testing methodology, and describes conducting both non-authenticated and authenticated penetration tests of AWS environments.
Kubernetes Concepts And Architecture Powerpoint Presentation Slides - SlideTeam
The document provides an overview of Kubernetes concepts and architecture. It begins with an introduction to containers and microservices architecture. It then discusses what Kubernetes is and why organizations should use it. The remainder of the document outlines Kubernetes components, nodes, development processes, networking, and security measures. It provides descriptions and diagrams explaining key aspects of Kubernetes such as architecture, components like Kubelet and Kubectl, node types, and networking models.
Training for AWS Solutions Architect at http://zekelabs.com/courses/amazon-web-services-training-bangalore/. This deck describes Amazon CloudWatch key concepts, workflow, dashboards, metrics, the CloudWatch agent, alarms, events, and logs.
___________________________________________________
zekeLabs is a technology training platform. We provide instructor-led corporate training and classroom training on industry-relevant cutting-edge technologies like Big Data, Machine Learning, Natural Language Processing, Artificial Intelligence, Data Science, Amazon Web Services, DevOps, Cloud Computing and frameworks like Django, Spring, Ruby on Rails, Angular 2 and many more to professionals.
Reach out to us at www.zekelabs.com or call us at +91 8095465880 or drop a mail at info@zekelabs.com
In this talk, Oded Hareven, Co-Founder & CEO of Akeyless.io, discusses the history of the movement toward best practices in password, token, key, and credential management, including HSMs, KMSs, PAMs, and PKI management. He explores how secrets management is now a MUST for DevOps and security teams of all enterprises and why the right tool needs to be cloud-agnostic, cloud-native, integrable with any DevOps pipelines, and infinitely scalable.
The document discusses Amazon Virtual Private Cloud (Amazon VPC), which allows users to define virtual networks within the AWS cloud. It describes benefits of using VPC such as security, IP address management, and network access control. It then covers VPC capabilities, architecture scenarios, configuration options for public/private subnets, security features like security groups and network ACLs, and additional topics such as dedicated hardware, VPC peering, and default VPC configuration.
This document provides an overview of penetration testing on AWS environments. It discusses the key areas to focus on when penetration testing AWS infrastructure and applications, including external infrastructure, applications, internal infrastructure, and AWS configurations. It also outlines services that can be tested without prior approval and limitations on testing AWS-managed infrastructure. The document then covers starting penetration testing activities, accessing AWS with IAM credentials, enumerating IAM users, groups, and policies, and new methods for enumerating cross-account roles between AWS accounts.
Amazon EC2 Container Service is a new AWS service that makes it easy to run and manage Docker-enabled applications across a cluster of Amazon EC2 instances. Amazon EC2 Container Service lets you define, schedule, and stop sets of containers. You have access to the state of your resources, making it easy to confirm that tasks are running or view the utilization of Amazon EC2 instances in your cluster. This session will describe the benefits of containers, introduce the Amazon EC2 Container Service, and demonstrate how to use Amazon EC2 Container Service for your applications.
Speakers:
Ian Massingham, AWS Technical Evangelist and
Boyan Dimitrov, Platform Automation Lead, Hailo Cabs
Control Kubernetes Ingress and Egress Together with NGINX - NGINX, Inc.
On-Demand Recording
https://www.nginx.com/resources/webinars/control-kubernetes-ingress-egress-together-nginx/
About the Webinar
Join our resident Kubernetes and modern apps experts in a discussion of the challenges of Kubernetes traffic management in today’s technology landscape. While Kubernetes Ingress gets most of the attention, how you handle egress traffic is just as important. Egress isn’t just about traffic leaving a cluster, either, but also concerns traffic among managed and unmanaged services within the cluster. We demo a solution using NGINX Service Mesh and NGINX Ingress Controller to control egress from the cluster and between NGINX Service Mesh and unmanaged services. Whether you’re new to modern application architectures, or looking to improve your current microservices deployment, this webinar is for you.
Speakers:
Amir Rawdat
Technical Marketing Engineer
F5
Faisal Memon
Software Engineer
F5
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ... - Mary Racter
Secret-based protocols are the most popular methods for establishing trust in authentication. Unfortunately, they are also one of the first attack surfaces to be probed when system compromise is attempted. Today’s digital services often focus on scalability, high-availability, and fault tolerance, leading to a shift towards microservices on cluster-based architectures. Secret management has evolved as well, leading to the development of cluster-compatible, open-source SM tools such as HashiCorp’s Vault. This talk is designed to help SecOps professionals leverage security concepts such as spatial and temporal attack surfaces, trust, and risk acceptance to secure their cluster credential management.
Big Data security: Facing the challenge by Carlos Gómez at Big Data Spain 2017 - Big Data Spain
This talk gives a technical and innovative overview of how companies can face the challenge of protecting the data and services that are in their data-centric platform, focusing on three main aspects: implementing network segmentation, managing AAA and securing data processing.
https://www.bigdataspain.org/2017/talk/big-data-security-facing-the-challenge
Big Data Spain 2017
16th - 17th November Kinépolis Madrid
Platform Security IRL: Busting Buzzwords & Building Better - Equal Experts
Practical tips and heroic war stories on how to secure a large, modern, fast software delivery platform. From building a team to building cool stuff, dealing with organisational setups to dealing with security incidents.
Zero Buzzwords Guaranteed.
Chris Rutter has spent the last few years obsessed with making security, engineering and the business work together. Starting his career as an engineer, he uses a deep understanding of Agile, Devops, and product delivery to solve security problems in a way that enables teams, rather than hitting them with bricks.
Automate Your Container Deployments Securely (DevOps.com)
Operations seeking to make their apps and APIs both performant and available to their users must bake effective application security tooling into their processes and infrastructure configurations. How can development and operations teams release at increasing velocity with app protection built into their CI/CD pipeline?
A true next-generation, holistic web application and API protection platform does just that: operations teams can integrate security into their workflows and ensure new infrastructure and app code released to production is both effective and secure in any environment from cloud using containers to datacenters to a hybrid of these.
Join application security expert Aneel Dadani from Signal Sciences to learn how your team can automate, deploy at scale safely while gaining layer 7 visibility in production environments.
Attendees will learn:
What constitutes effective application security within the context of cloud adoption and an ever expanding threat landscape
How development teams can gain visibility into how their apps and APIs are being used in production and what vulnerabilities may exist that they overlooked
How DevOps teams can scale their application footprint to meet demand while securing your codebase in production
How to inspect request traffic at the API gateway or the ingress
This document provides a summary of Netflix's architecture and use of open source software. It discusses:
- Why Netflix open sources software, including gathering feedback, collaboration, and improving retention and recruiting
- Popular Netflix open source projects like Eureka, Ribbon, and Hystrix that are widely used in cloud architectures
- Netflix's microservices architecture and emphasis on automation, high availability, and continuous delivery
- How Netflix ensures operational visibility and security at scale through open source tools like Turbine, Atlas, and Security Monkey
- Getting started resources for understanding and running Netflix's technologies like ZeroToCloud and ZeroToDocker workshops
Defense in Depth: Implementing a Layered Privileged Password Security Strategy BeyondTrust
Tune in to the full webinar recording here: https://www.beyondtrust.com/resources/webinar/defense-depth-implementing-layered-privileged-password-security-strategy/?access_code=eb6de71b465f16507cadfb2347a9d98f
In this presentation from the live webinar of security expert and TechVangelist Founder/Chief, Nick Cavalancia explores how to apply the defense-in-depth, layered security approach to enterprise password management. Also included in this webinar is an overview of BeyondTrust's PowerBroker Password Safe, the leading solution for enterprise password management.
Security is more critical than ever with new computing environments in the cloud and expanding access to the Internet. There are a number of security protection mechanisms available for MongoDB to ensure you have a stable and secure architecture for your deployment. We'll walk through general security threats to databases and specifically how they can be mitigated for MongoDB deployments.
Slides from "Managing Secrets at scale" at Velocity EU 2015
Secrets come in many shapes and sizes: database API keys, database passwords, private keys. Distributing and managing these secrets is usually an afterthought. It's hard to get right, and can be very expensive if you get it wrong. In this session, we'll look at the core operations and properties that make up a good secret management system, and how these principles can be implemented
XP Days 2019: First secret delivery for modern cloud-native applications (Vlad Fedosov)
In this talk we’ll see how Authentication and Secrets delivery work in distributed containerized applications from the inside. We’ll start from the theory of security and will go through the topics like Container Auth Role, Static & Dynamic secrets, Env vars/volumes for secret delivery, Vault & K8S secrets. After this talk you’ll get an understanding how to securely deploy your containerized workloads.
A data-centric platform integrates multiple Big Data open source technologies. For example, at Stratio we use Spark, Kafka, Elasticsearch and many more. Most of these technologies do not offer native security. This lack of security not only leaves companies open to critical risks like data leakage, insecure communications or DoS attacks, but is also a major barrier to complying with different regulations such as LOPD, PCI-DSS or the upcoming GDPR. This talk gives a technical and innovative overview of how companies can face the challenge of protecting the data and services that are in their data-centric platform, focusing on three main aspects: implementing network segmentation, managing AAA and securing data processing.
By: Carlos Gómez
This document summarizes a proposed public key encryption scheme based on learning parity with noise (LPN). It aims to address the non-negligible encoding error that exists in existing public key encryption schemes based on LPN variants. The proposed scheme uses single-bit and multi-bit encryption to reduce encoding errors with only a small increase in ciphertext space and computation overhead. It is designed to withstand quantum attacks while providing strong practical security.
An introduction to the DevSecOps webinar will be presented by me at 10.30am EST on 29th July 2018. It's a session focused on a high-level overview of DevSecOps, which will be followed by intermediate and advanced level sessions in future.
Agenda:
-DevSecOps Introduction
-Key Challenges, Recommendations
-DevSecOps Analysis
-DevSecOps Core Practices
-DevSecOps pipeline for Application & Infrastructure Security
-DevSecOps Security Tools Selection Tips
-DevSecOps Implementation Strategy
-DevSecOps Final Checklist
The document discusses securing Cassandra and DataStax Enterprise. It begins by defining security concepts like confidentiality, integrity, availability, authentication, and authorization. It then discusses specific security features of DataStax Enterprise like access controls, authentication, authorization, backups, auditing, encryption of data in transit and at rest, and the partnership with Vormetric for enhanced encryption capabilities. The document emphasizes that security is a process, not just implementing technical controls, and provides examples of major data breaches to emphasize the importance of security.
Cassandra Day London 2015: Securing Cassandra and DataStax Enterprise (DataStax Academy)
Speaker(s): Johnny Miller, Cassandra Solutions Architect at DataStax
This talk will introduce the various options around securing Cassandra and DataStax Enterprise. Attendees will gain an understanding of the various features and options available for protecting systems using Cassandra, OpsCenter and DataStax Enterprise.
Sensitive data is vulnerable when it is stored insecurely and transmitted over open networks. The PCI Security Council takes a hard line on protecting cardholder data and describes specific methods to comply with its standards.
Attend this webinar to better understand methods that make data theft more difficult for attackers and render stolen data unusable.
Topics covered include:
• Properly protecting stored cardholder data - encryption, hashing, masking and truncation
• Securing data during transmission - using strong cipher suites, valid certificates, and strong TLS security
• How to identify and mitigate missing encryption
The document provides guidance on architectural best practices for building systems on AWS. It discusses general design principles such as stopping guessing capacity needs, testing systems at production scale, and automating to enable architectural experimentation. It also covers principles for allowing evolutionary architectures and driving architectures using data. The document then outlines the five pillars of the Well-Architected Framework: operational excellence, security, reliability, performance efficiency, and cost optimization. For each pillar, it lists relevant design principles and best practices questions.
RightScale: Single Pane of Glass at Computerworld 2013 (RightScale)
RightScale is a cloud management platform that provides tools to manage hybrid cloud environments with a single pane of glass. It offers automation, governance controls, and an open configuration framework to deploy and manage applications across private and public clouds. RightScale helps organizations increase their cloud benefits through templatized workloads, unified monitoring and management, and increased operational efficiency.
5. A secret is some knowledge, or piece of data,
whose access should be restricted.
Knowledge of a secret is commonly used to validate the holder’s identity (i.e. authentication).
6. Secrets grant access to resources, and are often
generated by the resources they grant access to.
Substrate: Short-hand for “resource that a secret
grants access to”.
Examples of secrets in computing:
● Passwords
● RSA Private Keys
● Encryption Keys
● API Tokens
7. A policy is applied after authentication with a secret.
If a secret maps to an identity on a resource, then a policy maps to the privileges that identity has on that resource (i.e. authorisation).
Examples of policies in computing:
● File Permissions
● Access Control Lists (ACLs)
● Role-Based Access Control
(RBAC) Policies
10. Secret Management Goals
● Prevent unauthorised discovery of secrets
● Prevent misuse of discovered secrets / elevation of
privilege
11. Secret Management Tasks
● Creation
○ Randomly-generated keys of sufficient length
● Storage
○ Encrypted at rest
● Distribution
○ Encrypted transmission
○ Secrets are only held by their rightful consumer(s)
● Revocation / Renewal
○ Secrets can be revoked and renewed
12. General Principles in Secret Management
● DON’T roll your own crypto or
secret generation algorithms
● DON’T reinvent the wheel if
you don’t have to
13. General Principles in Secret Management
● DO have a central source of
truth for your secrets and who
has what kind of access to
them
● DO have an audit trail for
secrets requests
14. Secret Management Services
● e.g. HashiCorp’s Vault, Square’s Keywhiz
● Benefits
○ Modular, dedicated secret storage and creation mechanisms
○ Support for centralised ledger of secrets and audit logging of secret requests
○ Useful primitives and abstractions for secret management at scale (see later)
○ Unified, standard API for accessing and managing all secrets
○ Optimised for cloud-based architectures
● Trade-offs
○ Single point of leakage for a large number of credentials
○ Critical internal target for Denial of Service (DoS)
This talk assumes usage of a Secret Management Service.
15. A Secret Management Service maps an
identity to the resources they should
have access to, and the level of access
the identity has on that resource.
It also brokers secrets on the resource’s
behalf.
16. Secret Management Tasks
● Creation
○ Randomly-generated keys of sufficient length ✓
● Storage
○ Encrypted at rest ✓
● Distribution
○ Encrypted transmission ✓
○ Secrets are only held by their rightful consumer(s)
● Revocation / Renewal
○ Secrets can be revoked and renewed ✓
+1 Secret Management Service
18. Assumptions
● You’re containerising your applications
● You’re using a container orchestration platform
● You’re using a secret management service
19. Secret Management Tasks
● Creation
○ Randomly-generated keys of sufficient length ✓
● Storage
○ Encrypted at rest ✓
● Distribution
○ Encrypted Transmission ✓
○ Secrets are only held by their rightful consumer(s)
● Revocation / Renewal
○ Secrets can be revoked and renewed ✓
21. Distributing Secrets
• If we can securely get the initial secret granting the
container access to the Secret Management service, then
the container can securely fetch all subsequent secrets
from the service.
• But how do we fetch this first secret?
22. A Secure Introduction Service is coupled with the
cluster scheduler, and maintains a mapping of
container properties to access policies on the
Secret Management service.
Jeff Mitchell, Secure Introduction At Scale: Think Like A Vault Developer,
ContainerDays NYC 2016 Talk: https://www.youtube.com/watch?v=R-jJXm3QGLQ
30. Secret Management Tasks
● Creation
○ Randomly-generated keys of sufficient length ✓
● Storage
○ Encrypted at rest ✓
● Distribution
○ Encrypted Transmission ✓
○ Secrets are only held by their rightful consumer(s) ✓
● Revocation / Renewal
○ Secrets can be revoked and renewed ✓
33. Secrets Scaling Poorly 1
Secret re-use for different applications using the same resource
○ n-fold increase in spatial attack surface for the n applications on which the secret is re-used
○ Increases temporal attack surface to the combined lifetime of all apps
○ Potentially violates Principle of Least Privilege
35. Secrets Scaling Poorly 2
Secret re-use for different resource instances
○ n-fold increase in spatial attack surface for the n resource instances on which the secret is re-used
37. Secrets Scaling Poorly 3
Secret re-use for all instances of an application
○ Increases temporal attack surface to the combined lifetime of all app
instances
38. Secret Management Issues Happen At Scale
Because Manual Secret Management is Tedious
• Manually creating secrets at scale ⇒ Tedious
• Manually distributing secrets at scale ⇒ Tedious
• Manually revoking/renewing secrets at scale ⇒ Tedious
39. Ideal Scenario
● Unique secrets for each application on a resource
○ And each application instance on a resource
● Upholding the Principle of Least Privilege for every
application instance
○ On the resource
○ On the Secret Management service
41. Tools for Managing Secrets at Scale
● Secure Introduction
● Dynamic Secrets
● Leases
42. Secure Introduction
● Manual distribution of secrets assumes the developer is trusted to use those secrets for their app
● Secure Introduction creates a pipeline for that trust to percolate to
the application itself
● SI authorises an application to fetch its own secrets from the Secret
Management Service
43. Dynamic Secrets
• Supported by HashiCorp Vault
• Dynamic secrets are lazily generated on-demand from one “master”
secret
• Supports automated renewal and rotation of secrets
• Scales well for unique passwords in 1:∞ resource:client scenarios
• Requires instructions to the Secret Management Service on how to generate and revoke new credentials (e.g. CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}'; GRANT ALL ON db1 TO '{{name}}'@'%';)
44. Leases
• Supported by HashiCorp Vault
• Metadata on dynamic secrets that gives them a validity period
● The consumer must renew the lease by checking
in with Secret Management service
● Dynamic secrets that are no longer used are
revoked automatically with the lease expiry
mechanism
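The two mechanisms above, dynamic secrets generated on demand from one master secret (slide 43) and leases that expire and revoke them (slide 44), as one added toy service. This is example code written for this page, not Vault and not the speaker's code; the revoke template, the toy clock, the naming of generated users and the 32-character password length are assumptions, and the SQL templates are rendered and recorded rather than run against a database.

```python
import secrets
import string
from dataclasses import dataclass, field

# Templates stand in for the "instructions to the Secret Management Service"
# on how to create and revoke credentials.  In this toy they are only rendered
# and recorded; a real service would execute them on the database using the
# master secret.  The create template follows the slide; the revoke template
# is an assumption of this example.
CREATE_SQL = ("CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}'; "
              "GRANT ALL ON db1 TO '{{name}}'@'%';")
REVOKE_SQL = "DROP USER '{{name}}'@'%';"

ALPHABET = string.ascii_letters + string.digits


def render(template, **values):
    """Fill {{placeholders}} in a creation/revocation template."""
    for key, value in values.items():
        template = template.replace("{{" + key + "}}", value)
    return template


@dataclass
class Lease:
    lease_id: str
    username: str
    password: str
    expires_at: int      # toy clock value at which the lease lapses
    max_expires_at: int  # hard ceiling that no renewal can push past


@dataclass
class SecretService:
    """Holds one master secret for a resource and hands out per-instance
    dynamic credentials, each tracked by a lease."""
    master_secret: str                                # would be used to run the SQL
    now: int = 0                                      # toy clock (seconds)
    leases: dict = field(default_factory=dict)        # lease_id -> Lease
    executed: list = field(default_factory=list)      # SQL "run" on the resource
    audit: list = field(default_factory=list)         # audit trail of requests

    def issue(self, app_instance, ttl=60, max_ttl=300):
        """Lazily generate a unique credential for one application instance."""
        name = f"v-{app_instance}-{secrets.token_hex(4)}"
        password = "".join(secrets.choice(ALPHABET) for _ in range(32))
        self.executed.append(render(CREATE_SQL, name=name, password=password))
        lease = Lease(secrets.token_hex(8), name, password,
                      self.now + ttl, self.now + max_ttl)
        self.leases[lease.lease_id] = lease
        self.audit.append(("issue", app_instance, lease.lease_id))
        return lease

    def renew(self, lease_id, increment=60):
        """The consumer checks in to extend its lease; capped by max_ttl."""
        lease = self.leases.get(lease_id)
        if lease is None:
            raise KeyError("unknown or already-revoked lease")
        lease.expires_at = min(self.now + increment, lease.max_expires_at)
        self.audit.append(("renew", lease_id, lease.expires_at))
        return lease.expires_at

    def revoke(self, lease_id):
        """Drop the credential on the resource and forget the lease."""
        lease = self.leases.pop(lease_id)
        self.executed.append(render(REVOKE_SQL, name=lease.username))
        self.audit.append(("revoke", lease_id))

    def tick(self, seconds):
        """Advance the clock and revoke every lease that has lapsed (no renewal
        means the consumer is gone).  Returns the number of live leases."""
        self.now += seconds
        lapsed = [lid for lid, l in self.leases.items() if l.expires_at <= self.now]
        for lid in lapsed:
            self.revoke(lid)
        return len(self.leases)


if __name__ == "__main__":
    svc = SecretService(master_secret="constructed-master-credential")
    a = svc.issue("web-1", ttl=60, max_ttl=150)
    b = svc.issue("web-2", ttl=60, max_ttl=150)
    svc.tick(50)
    svc.renew(a.lease_id)     # web-1 checks in; web-2 does not
    print(svc.tick(20), "lease(s) left; last SQL:", svc.executed[-1])
```

Each instance gets its own user and password, so revoking one consumer's lease never affects another, which is exactly what slides 33 to 37 say static shared secrets cannot give you.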
47. Continuous Deployment Platforms
Infrastructure platform that ensures software can be reliably deployed at any
time.
Configure once ⇒ Deploy infinite times
Automation, instrumentation, set-up/tear-down, and QA phases are incorporated
into continuous development pipelines.
Reducing lead time on deployment of new code by automating the steps leading
up to deployment.
48. Unfortunately, secret management best practices
often don’t integrate seamlessly with Continuous
Deployment setups.
Configure once ⇒ Static secret for
all app instances?
Configure once ⇒ One extremely
permissive policy for the static
secret?
49. Existing Secret Management Patterns in CD
Pattern 1: Assume the resource exists and the secret is in the target deployment environment.
50. Existing Secret Management Patterns in CD
Pattern 2: Bake secrets into application images and/or binaries
51. Existing Secret Management Patterns in CD
Pattern 3: Developer configures secret store with existing secret, CD pipeline injects during
deployment.
52. Existing Secret Management Patterns in CD
Pattern 4: Existing secret is packaged and injected during deployment
53. In all 4...
● Resources are manually created outside of the
pipeline
● Secrets are manually created outside of the
pipeline
● Low manual action in assigning secrets, but the other secret management actions (creation, distribution, revocation/renewal) are manual
● Baking secrets into deployment images increases
attack surface of secrets to image and any
repositories the image may reside in
54. Reminder: Manual administration of
secret management does not scale
well proportionally to the number of
consumers, nor does it scale well to
the number of secrets.
55. In-band vs. Out-of-band Configuration
● In-band configuration
○ Happens in sequence within deployment pipeline
● Out-of-band configuration
○ Happens outside of sequence of deployment pipeline
● Out-of-band configuration is most commonly done manually
○ If it’s automated, there is more overhead in making it compatible with
the CD workflow
Reducing manual action == Reducing out-of-band
configurations
56. Ideal Scenario
● Dynamic Secrets and Secure Introduction are incorporated into the app deployment workflow and abstracted away from the developer
● (Almost) all configuration is carried out in Continuous Deployment pipeline
58. Resource Creation
● Resource creation requires additional action to integrate newly-created
resource
● Ownership of Secret Management service registration and resource lifecycle
management should reside with the resource management module
59. Configuring Application Access to SM service
● The Secure Introduction service is the module that maps an application to its permissions on the
Secret Management service
● Application access configured by updating the SI service with the required mappings for the
application to fetch its required credentials. These are derived from the deployment parameters
● Ownership with CD platform or resource manager
60. Remaining Out-of-Band Configuration Per Deploy
● Storing the master secrets for resource creation on the
Secret Management service and configuring the resource
management module to read from the Secret
Management service
○ Once per resource host/fleet
61. Possible Challenges
● Updating app mappings on Secure Introduction Service
before knowing what the app name will be
○ Generate app name with a known prefix and use a wildcard mapping on the SI service
● Mapping access modes on the resource to its
corresponding policy on the Secret Management Service
○ Use clearly-established naming conventions for Secret Management service policies
● Managing secret life cycles
○ Wrap the application in a supervising process that can fetch, renew, and revoke secrets
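The Secure Introduction service of slide 22 (a mapping from container properties to Secret Management policies, updated by the CD pipeline) together with the two naming tricks from slide 61 (a known app-name prefix matched by a wildcard, and a fixed policy naming convention), as an added example. This is illustrative code written for this page, not the project's, Vault's or any scheduler's API; the container property names, the "resource-mode" policy convention, the access modes and the single-use token are all assumptions.

```python
import fnmatch
import secrets
from dataclasses import dataclass, field

ACCESS_MODES = ("ro", "rw", "admin")   # assumed set of resource access modes


def policy_name(resource, mode):
    """Assumed naming convention for SM policies: <resource>-<access mode>,
    so each access mode on a resource maps to exactly one policy."""
    if mode not in ACCESS_MODES:
        raise ValueError(f"unknown access mode {mode!r}")
    return f"{resource}-{mode}"


@dataclass(frozen=True)
class Mapping:
    namespace: str    # container properties as the scheduler reports them
    image: str        # exact image reference; a different tag does not match
    app_glob: str     # e.g. "payments-*": prefix registered before the name exists
    policies: tuple   # SM policies a matching container may obtain


@dataclass
class SecureIntroduction:
    mappings: list = field(default_factory=list)
    pending: dict = field(default_factory=dict)   # one-time token -> policies
    audit: list = field(default_factory=list)

    def register(self, namespace, image, app_glob, *grants):
        """CD pipeline step (slide 59): record which policies a deployment may
        fetch.  grants are (resource, access mode) pairs taken from the
        deployment parameters."""
        policies = tuple(policy_name(r, m) for r, m in grants)
        self.mappings.append(Mapping(namespace, image, app_glob, policies))

    def introduce(self, container):
        """Scheduler hook at container start: find the mapping for this
        container and hand it a single-use token, the 'first secret' of
        slide 21.  Returns None when nothing matches."""
        for m in self.mappings:
            if (m.namespace == container["namespace"]
                    and m.image == container["image"]
                    and fnmatch.fnmatchcase(container["app"], m.app_glob)):
                token = secrets.token_urlsafe(24)
                self.pending[token] = m.policies
                self.audit.append(("introduce", container["app"], m.policies))
                return token
        self.audit.append(("deny", container["app"]))
        return None

    def redeem(self, token):
        """The container trades its token for the bound SM policies exactly
        once; a replayed or unknown token gets nothing."""
        policies = self.pending.pop(token, None)
        self.audit.append(("redeem", "ok" if policies else "rejected"))
        return policies


if __name__ == "__main__":
    si = SecureIntroduction()
    # Constructed deployment: the pipeline knows the prefix, not the final name.
    si.register("prod", "registry.example/payments:1.4", "payments-*",
                ("db1", "rw"), ("cache", "ro"))
    token = si.introduce({"namespace": "prod",
                          "image": "registry.example/payments:1.4",
                          "app": "payments-7f3a"})
    print("policies:", si.redeem(token), "replay:", si.redeem(token))
```

The trust chain runs pipeline to SI service to scheduler to container, so the developer never handles the resource credential and the audit list records every introduction, denial and redemption.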
62. Conclusion
● Newer Secret Management services are built to be used at scale -
use them
● Secret Management is most useful when integrated into Continuous
Deployment
○ Automate fully by reducing out-of-band configurations for secret
management
○ Unify Resource and Secret Management APIs with a broker architecture
● Automating Secret Management frees up your team to do great
things