SlideShare a Scribd company logo

Introduce to Credstash

Download as PPTX, PDF
An Nguyen
An Nguyen

Introduce to Credstash

Software
1 of 9
1 Introduce to Credstash
2 Agenda  What’s credstash?  Why credstash?  How does it work?  Demo  Q&A
3 What’s credstash?  A distributed secret management system  Built on top of AWS  Use KMS to hold master key(s)  Use DynamoDB for secret store  Use IAM policies for access control  Use IAM EC2 roles for EC2 instance identity  Operations are available via CLI, Python library, Puppet, Ansible modules
4 Why is credstash chosen?  Satisfy basic requirements for a secret management  Lightweight Python tool  Very simple, easy to use  Cloud based solution  No infrastructure (zero-server) for management  High availability, fault tolerance  Auto scaling already implemented  The cost is cheap
5 How does credstash work? When a secret is added to credstash: 1. A new random encryption key is generated using KMS 2. The secret is encrypted with that key 3. Encryption key is itself encrypted with the KMS master key, and its plaintext is discarded 4. The encrypted data and the encrypted data of encryption key are stored in DynamoDB
6 How does credstash work? (cont.) When a secret is retrieved: 1. Pull out the data from DynamoDB 2. Decrypt the encryption key using KMS API and the KMS master key 3. Decrypt the actual secret using the decrypted key
7 Demo
8 Q&A
9 Thank You!

Recommended

MongoDB Atlas - the best way to run MongoDB in the cloud 1
MongoDB Atlas - the best way to run MongoDB in the cloud 1MongoDB Atlas - the best way to run MongoDB in the cloud 1
MongoDB Atlas - the best way to run MongoDB in the cloud 1MongoDB
 
MMMS monitoring backup and management at a single click
MMMS monitoring backup and management at a single clickMMMS monitoring backup and management at a single click
MMMS monitoring backup and management at a single clickMongoDB APAC
 
Securing Kubernetes Workloads
Securing Kubernetes WorkloadsSecuring Kubernetes Workloads
Securing Kubernetes WorkloadsJim Bugwadia
 
Being Stateful In Kubernetes
Being Stateful In KubernetesBeing Stateful In Kubernetes
Being Stateful In KubernetesKnoldus Inc.
 
Being Stateful in Kubernetes
Being Stateful in KubernetesBeing Stateful in Kubernetes
Being Stateful in KubernetesKnoldus Inc.
 
Cloud security
Cloud securityCloud security
Cloud securityWSO2
 
Aplicaciones distribuidas con Dapr
Aplicaciones distribuidas con DaprAplicaciones distribuidas con Dapr
Aplicaciones distribuidas con DaprCésar Jesús Angulo Gasco
 
Building A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleBuilding A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleChris Farris
 

Recommended

MongoDB Atlas - the best way to run MongoDB in the cloud 1
MongoDB Atlas - the best way to run MongoDB in the cloud 1MongoDB Atlas - the best way to run MongoDB in the cloud 1
MongoDB Atlas - the best way to run MongoDB in the cloud 1MongoDB
 
MMMS monitoring backup and management at a single click
MMMS monitoring backup and management at a single clickMMMS monitoring backup and management at a single click
MMMS monitoring backup and management at a single clickMongoDB APAC
 
Securing Kubernetes Workloads
Securing Kubernetes WorkloadsSecuring Kubernetes Workloads
Securing Kubernetes WorkloadsJim Bugwadia
 
Being Stateful In Kubernetes
Being Stateful In KubernetesBeing Stateful In Kubernetes
Being Stateful In KubernetesKnoldus Inc.
 
Being Stateful in Kubernetes
Being Stateful in KubernetesBeing Stateful in Kubernetes
Being Stateful in KubernetesKnoldus Inc.
 
Cloud security
Cloud securityCloud security
Cloud securityWSO2
 
Aplicaciones distribuidas con Dapr
Aplicaciones distribuidas con DaprAplicaciones distribuidas con Dapr
Aplicaciones distribuidas con DaprCésar Jesús Angulo Gasco
 
Building A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleBuilding A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleChris Farris
 
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud BoundariesGDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud BoundariesJames Anderson
 
Log Monitoring and Anomaly Detection at Scale at ORNL
Log Monitoring and Anomaly Detection at Scale at ORNLLog Monitoring and Anomaly Detection at Scale at ORNL
Log Monitoring and Anomaly Detection at Scale at ORNLElasticsearch
 
CloudStack Collaboration Conference Opening Remarks
CloudStack Collaboration Conference Opening RemarksCloudStack Collaboration Conference Opening Remarks
CloudStack Collaboration Conference Opening Remarksbuildacloud
 
CSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-MelhaouiCSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-MelhaouiNCCOMMS
 
Search query assistance. Autosuggestion
Search query assistance. AutosuggestionSearch query assistance. Autosuggestion
Search query assistance. AutosuggestionWise Engineering
 
Cloud Bursting Stratos Webinar
Cloud Bursting Stratos WebinarCloud Bursting Stratos Webinar
Cloud Bursting Stratos WebinarWSO2
 
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...DevClub_lv
 
MongoDB .local Bengaluru 2019: Distributed Transactions: With Great Power Com...
MongoDB .local Bengaluru 2019: Distributed Transactions: With Great Power Com...MongoDB .local Bengaluru 2019: Distributed Transactions: With Great Power Com...
MongoDB .local Bengaluru 2019: Distributed Transactions: With Great Power Com...MongoDB
 
Connecting Kafka Across Multiple AWS VPCs
Connecting Kafka Across Multiple AWS VPCs Connecting Kafka Across Multiple AWS VPCs
Connecting Kafka Across Multiple AWS VPCs confluent
 
Matt Chung (Independent) - Serverless application with AWS Lambda
Matt Chung (Independent) - Serverless application with AWS Lambda Matt Chung (Independent) - Serverless application with AWS Lambda
Matt Chung (Independent) - Serverless application with AWS Lambda Outlyer
 
Managing a MongoDB Deployment
Managing a MongoDB DeploymentManaging a MongoDB Deployment
Managing a MongoDB DeploymentTony Tam
 
Web scale architecture design
Web scale architecture designWeb scale architecture design
Web scale architecture designNepalAdz
 
AgileTW Feat. DevOpsTW: 維運 Kubernetes 的兩三事
AgileTW Feat. DevOpsTW: 維運 Kubernetes 的兩三事AgileTW Feat. DevOpsTW: 維運 Kubernetes 的兩三事
AgileTW Feat. DevOpsTW: 維運 Kubernetes 的兩三事smalltown
 
Server-less solution for moving Millions of Images in Cloud - Brett Sutter, ...
Server-less solution for moving Millions of Images in Cloud - Brett Sutter, ... Server-less solution for moving Millions of Images in Cloud - Brett Sutter, ...
Server-less solution for moving Millions of Images in Cloud - Brett Sutter, ...AWS Chicago
 
Azure and Deep Learning
Azure and Deep LearningAzure and Deep Learning
Azure and Deep LearningDavid Giard
 
MongoDB World 2016: Get MEAN and Lean with MongoDB and Kubernetes
MongoDB World 2016: Get MEAN and Lean with MongoDB and KubernetesMongoDB World 2016: Get MEAN and Lean with MongoDB and Kubernetes
MongoDB World 2016: Get MEAN and Lean with MongoDB and KubernetesMongoDB
 
Securing Kafka
Securing Kafka Securing Kafka
Securing Kafka confluent
 
Long running aws lambda - Joel Schuweiler, Minneapolis
Long running aws lambda - Joel Schuweiler, MinneapolisLong running aws lambda - Joel Schuweiler, Minneapolis
Long running aws lambda - Joel Schuweiler, MinneapolisAWS Chicago
 
Our CloudFlare experience
Our CloudFlare experienceOur CloudFlare experience
Our CloudFlare experienceNick Malcolm
 
Qui Quaerit, Reperit. AWS Elasticsearch in Action
Qui Quaerit, Reperit. AWS Elasticsearch in ActionQui Quaerit, Reperit. AWS Elasticsearch in Action
Qui Quaerit, Reperit. AWS Elasticsearch in ActionGlobalLogic Ukraine
 
MySQL Security on AWS Rds
MySQL Security on AWS RdsMySQL Security on AWS Rds
MySQL Security on AWS RdsMydbops
 
Introduction to AWS KMS
Introduction to AWS KMSIntroduction to AWS KMS
Introduction to AWS KMSAkesh Patil
 

More Related Content

What's hot

GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud BoundariesGDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud BoundariesJames Anderson
 
Log Monitoring and Anomaly Detection at Scale at ORNL
Log Monitoring and Anomaly Detection at Scale at ORNLLog Monitoring and Anomaly Detection at Scale at ORNL
Log Monitoring and Anomaly Detection at Scale at ORNLElasticsearch
 
CloudStack Collaboration Conference Opening Remarks
CloudStack Collaboration Conference Opening RemarksCloudStack Collaboration Conference Opening Remarks
CloudStack Collaboration Conference Opening Remarksbuildacloud
 
CSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-MelhaouiCSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-MelhaouiNCCOMMS
 
Search query assistance. Autosuggestion
Search query assistance. AutosuggestionSearch query assistance. Autosuggestion
Search query assistance. AutosuggestionWise Engineering
 
Cloud Bursting Stratos Webinar
Cloud Bursting Stratos WebinarCloud Bursting Stratos Webinar
Cloud Bursting Stratos WebinarWSO2
 
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...DevClub_lv
 
MongoDB .local Bengaluru 2019: Distributed Transactions: With Great Power Com...
MongoDB .local Bengaluru 2019: Distributed Transactions: With Great Power Com...MongoDB .local Bengaluru 2019: Distributed Transactions: With Great Power Com...
MongoDB .local Bengaluru 2019: Distributed Transactions: With Great Power Com...MongoDB
 
Connecting Kafka Across Multiple AWS VPCs
Connecting Kafka Across Multiple AWS VPCs Connecting Kafka Across Multiple AWS VPCs
Connecting Kafka Across Multiple AWS VPCs confluent
 
Matt Chung (Independent) - Serverless application with AWS Lambda
Matt Chung (Independent) - Serverless application with AWS Lambda Matt Chung (Independent) - Serverless application with AWS Lambda
Matt Chung (Independent) - Serverless application with AWS Lambda Outlyer
 
Managing a MongoDB Deployment
Managing a MongoDB DeploymentManaging a MongoDB Deployment
Managing a MongoDB DeploymentTony Tam
 
Web scale architecture design
Web scale architecture designWeb scale architecture design
Web scale architecture designNepalAdz
 
AgileTW Feat. DevOpsTW: 維運 Kubernetes 的兩三事
AgileTW Feat. DevOpsTW: 維運 Kubernetes 的兩三事AgileTW Feat. DevOpsTW: 維運 Kubernetes 的兩三事
AgileTW Feat. DevOpsTW: 維運 Kubernetes 的兩三事smalltown
 
Server-less solution for moving Millions of Images in Cloud - Brett Sutter, ...
Server-less solution for moving Millions of Images in Cloud - Brett Sutter, ... Server-less solution for moving Millions of Images in Cloud - Brett Sutter, ...
Server-less solution for moving Millions of Images in Cloud - Brett Sutter, ...AWS Chicago
 
Azure and Deep Learning
Azure and Deep LearningAzure and Deep Learning
Azure and Deep LearningDavid Giard
 
MongoDB World 2016: Get MEAN and Lean with MongoDB and Kubernetes
MongoDB World 2016: Get MEAN and Lean with MongoDB and KubernetesMongoDB World 2016: Get MEAN and Lean with MongoDB and Kubernetes
MongoDB World 2016: Get MEAN and Lean with MongoDB and KubernetesMongoDB
 
Securing Kafka
Securing Kafka Securing Kafka
Securing Kafka confluent
 
Long running aws lambda - Joel Schuweiler, Minneapolis
Long running aws lambda - Joel Schuweiler, MinneapolisLong running aws lambda - Joel Schuweiler, Minneapolis
Long running aws lambda - Joel Schuweiler, MinneapolisAWS Chicago
 
Our CloudFlare experience
Our CloudFlare experienceOur CloudFlare experience
Our CloudFlare experienceNick Malcolm
 
Qui Quaerit, Reperit. AWS Elasticsearch in Action
Qui Quaerit, Reperit. AWS Elasticsearch in ActionQui Quaerit, Reperit. AWS Elasticsearch in Action
Qui Quaerit, Reperit. AWS Elasticsearch in ActionGlobalLogic Ukraine
 

What's hot (20)

GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud BoundariesGDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
 
Log Monitoring and Anomaly Detection at Scale at ORNL
Log Monitoring and Anomaly Detection at Scale at ORNLLog Monitoring and Anomaly Detection at Scale at ORNL
Log Monitoring and Anomaly Detection at Scale at ORNL
 
CloudStack Collaboration Conference Opening Remarks
CloudStack Collaboration Conference Opening RemarksCloudStack Collaboration Conference Opening Remarks
CloudStack Collaboration Conference Opening Remarks
 
CSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-MelhaouiCSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-Melhaoui
 
Search query assistance. Autosuggestion
Search query assistance. AutosuggestionSearch query assistance. Autosuggestion
Search query assistance. Autosuggestion
 
Cloud Bursting Stratos Webinar
Cloud Bursting Stratos WebinarCloud Bursting Stratos Webinar
Cloud Bursting Stratos Webinar
 
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
 
MongoDB .local Bengaluru 2019: Distributed Transactions: With Great Power Com...
MongoDB .local Bengaluru 2019: Distributed Transactions: With Great Power Com...MongoDB .local Bengaluru 2019: Distributed Transactions: With Great Power Com...
MongoDB .local Bengaluru 2019: Distributed Transactions: With Great Power Com...
 
Connecting Kafka Across Multiple AWS VPCs
Connecting Kafka Across Multiple AWS VPCs Connecting Kafka Across Multiple AWS VPCs
Connecting Kafka Across Multiple AWS VPCs
 
Matt Chung (Independent) - Serverless application with AWS Lambda
Matt Chung (Independent) - Serverless application with AWS Lambda Matt Chung (Independent) - Serverless application with AWS Lambda
Matt Chung (Independent) - Serverless application with AWS Lambda
 
Managing a MongoDB Deployment
Managing a MongoDB DeploymentManaging a MongoDB Deployment
Managing a MongoDB Deployment
 
Web scale architecture design
Web scale architecture designWeb scale architecture design
Web scale architecture design
 
AgileTW Feat. DevOpsTW: 維運 Kubernetes 的兩三事
AgileTW Feat. DevOpsTW: 維運 Kubernetes 的兩三事AgileTW Feat. DevOpsTW: 維運 Kubernetes 的兩三事
AgileTW Feat. DevOpsTW: 維運 Kubernetes 的兩三事
 
Server-less solution for moving Millions of Images in Cloud - Brett Sutter, ...
Server-less solution for moving Millions of Images in Cloud - Brett Sutter, ... Server-less solution for moving Millions of Images in Cloud - Brett Sutter, ...
Server-less solution for moving Millions of Images in Cloud - Brett Sutter, ...
 
Azure and Deep Learning
Azure and Deep LearningAzure and Deep Learning
Azure and Deep Learning
 
MongoDB World 2016: Get MEAN and Lean with MongoDB and Kubernetes
MongoDB World 2016: Get MEAN and Lean with MongoDB and KubernetesMongoDB World 2016: Get MEAN and Lean with MongoDB and Kubernetes
MongoDB World 2016: Get MEAN and Lean with MongoDB and Kubernetes
 
Securing Kafka
Securing Kafka Securing Kafka
Securing Kafka
 
Long running aws lambda - Joel Schuweiler, Minneapolis
Long running aws lambda - Joel Schuweiler, MinneapolisLong running aws lambda - Joel Schuweiler, Minneapolis
Long running aws lambda - Joel Schuweiler, Minneapolis
 
Our CloudFlare experience
Our CloudFlare experienceOur CloudFlare experience
Our CloudFlare experience
 
Qui Quaerit, Reperit. AWS Elasticsearch in Action
Qui Quaerit, Reperit. AWS Elasticsearch in ActionQui Quaerit, Reperit. AWS Elasticsearch in Action
Qui Quaerit, Reperit. AWS Elasticsearch in Action
 

Similar to Introduce to Credstash

MySQL Security on AWS Rds
MySQL Security on AWS RdsMySQL Security on AWS Rds
MySQL Security on AWS RdsMydbops
 
Introduction to AWS KMS
Introduction to AWS KMSIntroduction to AWS KMS
Introduction to AWS KMSAkesh Patil
 
Overview of secret management solutions and architecture
Overview of secret management solutions and architectureOverview of secret management solutions and architecture
Overview of secret management solutions and architectureYuechuan (Mike) Chen
 
AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)Julien SIMON
 
Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Amazon Web Services
 
Level 500: Let's Get (Really) Technical – Versent
Level 500: Let's Get (Really) Technical – VersentLevel 500: Let's Get (Really) Technical – Versent
Level 500: Let's Get (Really) Technical – VersentAmazon Web Services
 
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...Amazon Web Services
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesAn Nguyen
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
 
Knolx_ Sealed Secrets
Knolx_ Sealed SecretsKnolx_ Sealed Secrets
Knolx_ Sealed SecretsKnoldus Inc.
 
AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...
AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...
AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...Amazon Web Services
 
(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014
(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014
(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014Amazon Web Services
 
Secrets acrosscloudk8s
Secrets acrosscloudk8sSecrets acrosscloudk8s
Secrets acrosscloudk8sJhonnatan Gil
 
Kubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoKubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoOpsta
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Mary Racter
 
KMS at Okta - Intermediate Level
KMS at Okta - Intermediate LevelKMS at Okta - Intermediate Level
KMS at Okta - Intermediate LevelJon Todd
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)Amazon Web Services
 
(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWSAmazon Web Services
 

Similar to Introduce to Credstash (20)

MySQL Security on AWS Rds
MySQL Security on AWS RdsMySQL Security on AWS Rds
MySQL Security on AWS Rds
 
Introduction to AWS KMS
Introduction to AWS KMSIntroduction to AWS KMS
Introduction to AWS KMS
 
Overview of secret management solutions and architecture
Overview of secret management solutions and architectureOverview of secret management solutions and architecture
Overview of secret management solutions and architecture
 
AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)
 
Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017
 
Level 500: Let's Get (Really) Technical – Versent
Level 500: Let's Get (Really) Technical – VersentLevel 500: Let's Get (Really) Technical – Versent
Level 500: Let's Get (Really) Technical – Versent
 
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on Kubernetes
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Knolx_ Sealed Secrets
Knolx_ Sealed SecretsKnolx_ Sealed Secrets
Knolx_ Sealed Secrets
 
AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...
AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...
AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...
 
(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014
(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014
(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014
 
Introduction of AWS KMS
Introduction of AWS KMSIntroduction of AWS KMS
Introduction of AWS KMS
 
Secrets acrosscloudk8s
Secrets acrosscloudk8sSecrets acrosscloudk8s
Secrets acrosscloudk8s
 
Kubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoKubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with Demo
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
 
KMS at Okta - Intermediate Level
KMS at Okta - Intermediate LevelKMS at Okta - Intermediate Level
KMS at Okta - Intermediate Level
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
 
(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS
 

More from An Nguyen

Introduce to Git and Jenkins
Introduce to Git and JenkinsIntroduce to Git and Jenkins
Introduce to Git and JenkinsAn Nguyen
 
CI/CD Overview
CI/CD OverviewCI/CD Overview
CI/CD OverviewAn Nguyen
 
Introduction To AWS & AWS Lambda
Introduction To AWS & AWS LambdaIntroduction To AWS & AWS Lambda
Introduction To AWS & AWS LambdaAn Nguyen
 
Introduction To Docker, Docker Compose, Docker Swarm
Introduction To Docker, Docker Compose, Docker SwarmIntroduction To Docker, Docker Compose, Docker Swarm
Introduction To Docker, Docker Compose, Docker SwarmAn Nguyen
 
Spring framework
Spring frameworkSpring framework
Spring frameworkAn Nguyen
 
Luận văn tìm hiểu Spring
Luận văn tìm hiểu SpringLuận văn tìm hiểu Spring
Luận văn tìm hiểu SpringAn Nguyen
 
Terminal Services and VPN
Terminal Services and VPNTerminal Services and VPN
Terminal Services and VPNAn Nguyen
 
Tân sinh viên TECH - AGU 2014
Tân sinh viên TECH - AGU 2014Tân sinh viên TECH - AGU 2014
Tân sinh viên TECH - AGU 2014An Nguyen
 
Quy tắc thiết kế giao diện và viết code C#
Quy tắc thiết kế giao diện và viết code C#Quy tắc thiết kế giao diện và viết code C#
Quy tắc thiết kế giao diện và viết code C#An Nguyen
 
Nêu cao tinh thần trách nhiệm, chống chủ nghĩa cá nhân, nói đi đôi với làm
Nêu cao tinh thần trách nhiệm, chống chủ nghĩa cá nhân, nói đi đôi với làmNêu cao tinh thần trách nhiệm, chống chủ nghĩa cá nhân, nói đi đôi với làm
Nêu cao tinh thần trách nhiệm, chống chủ nghĩa cá nhân, nói đi đôi với làmAn Nguyen
 
Hướng dẫn lập trình quản lý c#
Hướng dẫn lập trình quản lý c#Hướng dẫn lập trình quản lý c#
Hướng dẫn lập trình quản lý c#An Nguyen
 
Quản lý quan hệ khách hàng
Quản lý quan hệ khách hàngQuản lý quan hệ khách hàng
Quản lý quan hệ khách hàngAn Nguyen
 
Quản lý quan hệ khách hàng
Quản lý quan hệ khách hàngQuản lý quan hệ khách hàng
Quản lý quan hệ khách hàngAn Nguyen
 
RichTetxtBox control
RichTetxtBox controlRichTetxtBox control
RichTetxtBox controlAn Nguyen
 
Hội nghị học tốt CNTT 2013 - An Giang University
Hội nghị học tốt CNTT 2013 - An Giang UniversityHội nghị học tốt CNTT 2013 - An Giang University
Hội nghị học tốt CNTT 2013 - An Giang UniversityAn Nguyen
 

More from An Nguyen (16)

Terraform
TerraformTerraform
Terraform
 
Introduce to Git and Jenkins
Introduce to Git and JenkinsIntroduce to Git and Jenkins
Introduce to Git and Jenkins
 
CI/CD Overview
CI/CD OverviewCI/CD Overview
CI/CD Overview
 
Introduction To AWS & AWS Lambda
Introduction To AWS & AWS LambdaIntroduction To AWS & AWS Lambda
Introduction To AWS & AWS Lambda
 
Introduction To Docker, Docker Compose, Docker Swarm
Introduction To Docker, Docker Compose, Docker SwarmIntroduction To Docker, Docker Compose, Docker Swarm
Introduction To Docker, Docker Compose, Docker Swarm
 
Spring framework
Spring frameworkSpring framework
Spring framework
 
Luận văn tìm hiểu Spring
Luận văn tìm hiểu SpringLuận văn tìm hiểu Spring
Luận văn tìm hiểu Spring
 
Terminal Services and VPN
Terminal Services and VPNTerminal Services and VPN
Terminal Services and VPN
 
Tân sinh viên TECH - AGU 2014
Tân sinh viên TECH - AGU 2014Tân sinh viên TECH - AGU 2014
Tân sinh viên TECH - AGU 2014
 
Quy tắc thiết kế giao diện và viết code C#
Quy tắc thiết kế giao diện và viết code C#Quy tắc thiết kế giao diện và viết code C#
Quy tắc thiết kế giao diện và viết code C#
 
Nêu cao tinh thần trách nhiệm, chống chủ nghĩa cá nhân, nói đi đôi với làm
Nêu cao tinh thần trách nhiệm, chống chủ nghĩa cá nhân, nói đi đôi với làmNêu cao tinh thần trách nhiệm, chống chủ nghĩa cá nhân, nói đi đôi với làm
Nêu cao tinh thần trách nhiệm, chống chủ nghĩa cá nhân, nói đi đôi với làm
 
Hướng dẫn lập trình quản lý c#
Hướng dẫn lập trình quản lý c#Hướng dẫn lập trình quản lý c#
Hướng dẫn lập trình quản lý c#
 
Quản lý quan hệ khách hàng
Quản lý quan hệ khách hàngQuản lý quan hệ khách hàng
Quản lý quan hệ khách hàng
 
Quản lý quan hệ khách hàng
Quản lý quan hệ khách hàngQuản lý quan hệ khách hàng
Quản lý quan hệ khách hàng
 
RichTetxtBox control
RichTetxtBox controlRichTetxtBox control
RichTetxtBox control
 
Hội nghị học tốt CNTT 2013 - An Giang University
Hội nghị học tốt CNTT 2013 - An Giang UniversityHội nghị học tốt CNTT 2013 - An Giang University
Hội nghị học tốt CNTT 2013 - An Giang University
 

Recently uploaded

The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningVitsRangannavar
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?Watsoo Telematics
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
buds n tech IT solutions
buds n tech IT solutionsbuds n tech IT solutions
buds n tech IT solutionsmonugehlot87
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 

Recently uploaded (20)

The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
buds n tech IT solutions
buds n tech IT solutionsbuds n tech IT solutions
buds n tech IT solutions
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 

Introduce to Credstash

  • 2. 2 Agenda  What’s credstash?  Why credstash?  How does it work?  Demo  Q&A
  • 3. 3 What’s credstash?  A distributed secret management system  Built on top of AWS  Use KMS to hold master key(s)  Use DynamoDB for secret store  Use IAM policies for access control  Use IAM EC2 roles for EC2 instance identity  Operations are available via CLI, Python library, Puppet, Ansible modules
  • 4. 4 Why is credstash chosen?  Satisfy basic requirements for a secret management  Lightweight Python tool  Very simple, easy to use  Cloud based solution  No infrastructure (zero-server) for management  High availability, fault tolerance  Auto scaling already implemented  The cost is cheap
  • 5. 5 How does credstash work? When a secret is added to credstash: 1. A new random encryption key is generated using KMS 2. The secret is encrypted with that key 3. Encryption key is itself encrypted with the KMS master key, and its plaintext is discarded 4. The encrypted data and the encrypted data of encryption key are stored in DynamoDB
  • 6. 6 How does credstash work? (cont.) When a secret is retrieved: 1. Pull out the data from DynamoDB 2. Decrypt the encryption key using KMS API and the KMS master key 3. Decrypt the actual secret using the decrypted key

Editor's Notes

  1. The operation process is inverted