DevOps Indonesia, profile picture
Uploaded byDevOps Indonesia
PDF, PPTX40 views

Securing Your Database Dynamic DB Credentials

The document discusses the importance of securing databases through dynamic credentials, focusing on authentication, authorization, and accountability. It highlights best practices such as password rotation, the use of vaults for credential management, and creating roles for user access. The presentation, delivered by Sebastianus Kurniawan Hadisantoso and Muhammad Yahya Harlan, emphasizes the necessity for auditable logs and efficient user management to enhance database security.

Embed presentation

Download as PDF, PPTX
PAGE 1 DEVOPS INDONESIA PAGE 1 DEVOPS INDONESIA Sebastianus Kurniawan Hadisantoso & M. Yahya Harlan PAYFAZZ Jakarta, 12 Agustus 2021 Securing Your Database: Dynamic DB Credentials
Securing Your Database: Dynamic DB Credentials
Speaker Profile Sebastianus Kurniawan Hadisantoso Vice President Engineering - Payfazz Teknologi Nusantara - https://www.linkedin.com/in/sebastianuskh/ - https://github.com/sebastianusk
Speaker Profile Muhammad Yahya Harlan Site Reliability Engineering - Payfazz Teknologi Nusantara - linkedin.com/in/mohdyahyahrln - anakaiti.net
Let’s Begin With A Story
Once upon a time, there is a happy developer… Who need access to the DB
He ask the DBA, get the connection String. Then, he use it… Everywhere...
It is hard to change everything. The paper might be read by someone else that is not allowed
How To Secure It?
“AAA” Computer Security 1. Authentication 2. Authorization 3. Accounting
Authentication We need to make sure that the developer is the real one
Authorization We need to make sure that the access is enough, not over granted or lack of permission, maybe create roles for every usage?
Accountability Access should be auditable, the authorized person can check the historical access
Avoid Human Vulnerability: - Password Rotation - Easy to remember password
Components
Vault - Handles credential lifecycle - Authenticates users & services - Policy mapping - Audit Logging - AAA
Google - User directory - Groups for authorization - Authentication
Kubernetes - Service attestation - Secret injection env: - key: DB_CONNSTR value: vault:database/creds/... - Secret lifecycle
Database - Dynamic user creation - Database roles Write Read Delete Apps Engineers Readonly
Demo Time! github.com/anakaiti/dynamic-db-credentials-demo
Benefits
Authentication 1. We can be sure that user is legitw
Authentication - Improvement Enforce password policy: password rotation, multi authentication
Authorization 1. Easy to manage user 2. Multi level Authorization
Authorization - Improvement 1. Using IDP that support grouping
Accountability 1. Auditable Log can be reviewed
Accountability - Improvement Send the log data to a better place to store auditrail log
Password Rotation 1. Auto rotation 2. Even better, the Human no need to know the credentials!
Other Vault Use Cases
Vault K/V
Vault SSH
Any Questions?
We Are Hiring! career@fazzfinancial.com
Stay Connected With Us! t.me/iddevops DevOps Indonesia DevOps Indonesia DevOps Indonesia @iddevops @iddevops DevOps Indonesia Scan here
PAGE 35 DEVOPS INDONESIA Alone We are smart, together We are brilliant THANK YOU ! Quote by Steve Anderson

More Related Content

PDF
Operate Containers with AWS Copilot
byDevOps Indonesia
 
PDF
Secure your Application with Google cloud armor
byDevOps Indonesia
 
PDF
Hybrid Cloud Networking
bySVForum Cloud SIG
 
PDF
Secure Your Code Implement DevSecOps in Azure
bykloia
 
PPTX
DevSecOps in 10 minutes
bykieranjacobsen
 
PDF
App sec in the time of docker containers
byAkash Mahajan
 
PPTX
Secure your applications with Azure AD and Key Vault
byDavide Benvegnù
 
PPTX
DevSecOps: Security at the Speed of DevOp
byVMware Tanzu
 
Operate Containers with AWS Copilot
byDevOps Indonesia
 
Secure your Application with Google cloud armor
byDevOps Indonesia
 
Hybrid Cloud Networking
bySVForum Cloud SIG
 
Secure Your Code Implement DevSecOps in Azure
bykloia
 
DevSecOps in 10 minutes
bykieranjacobsen
 
App sec in the time of docker containers
byAkash Mahajan
 
Secure your applications with Azure AD and Key Vault
byDavide Benvegnù
 
DevSecOps: Security at the Speed of DevOp
byVMware Tanzu
 

What's hot

PPTX
Azure AD: Enterprise-Grade Identity Provider For Your Applications
bySharePoint Saturday Hong Kong
 
PDF
The New Normal - Eric Gales, AWS Canada
byTriNimbus
 
PDF
Breaking Down the Monolith - Peter Marton, RisingStack
byNodejsFoundation
 
PPTX
Azure Key Vault with a PaaS Architecture and ARM Template Deployment
byRoy Kim
 
PPTX
How Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
byDevOps.com
 
PPTX
CyberArk Impact 2017 - REST for the Rest of Us
byJoe Garcia
 
PDF
Seven Seas Technology
byUnnikrishnan P
 
PDF
DevOps for Highly Regulated Environments
byDevOps.com
 
PDF
10 Myth of DevSecOps
byDevOps Indonesia
 
PPTX
Azure AD: Enterprise-Grade Identity Provider For Your Applications
byDavide Benvegnù
 
PPTX
Microsoft Reactor Toronto 5/5/2020 | Azure Kubernetes In Action - Running and...
byRoy Kim
 
PPTX
Cisco Security portfolio update
byAtanas Gergiminov
 
PPTX
DevSecOps: Key Controls to Modern Security Success
byPuma Security, LLC
 
PDF
Introduction to DevSecOps
bySetu Parimi
 
PDF
DevSecOps: Key Controls for Modern Security Success
byPuma Security, LLC
 
PPT
Bio IT World 2015 - DevOps Security and Transparency
byKevin Gilpin
 
PDF
Staying Secure When Moving to the Cloud - Dave Millier
byTriNimbus
 
PPTX
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
byPeter Selch Dahl
 
PDF
Achieving a Serverless Development Experience
byIvan Dwyer
 
PPTX
Identity and o365 on Azure
byMostafa
 
Azure AD: Enterprise-Grade Identity Provider For Your Applications
bySharePoint Saturday Hong Kong
 
The New Normal - Eric Gales, AWS Canada
byTriNimbus
 
Breaking Down the Monolith - Peter Marton, RisingStack
byNodejsFoundation
 
Azure Key Vault with a PaaS Architecture and ARM Template Deployment
byRoy Kim
 
How Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
byDevOps.com
 
CyberArk Impact 2017 - REST for the Rest of Us
byJoe Garcia
 
Seven Seas Technology
byUnnikrishnan P
 
DevOps for Highly Regulated Environments
byDevOps.com
 
10 Myth of DevSecOps
byDevOps Indonesia
 
Azure AD: Enterprise-Grade Identity Provider For Your Applications
byDavide Benvegnù
 
Microsoft Reactor Toronto 5/5/2020 | Azure Kubernetes In Action - Running and...
byRoy Kim
 
Cisco Security portfolio update
byAtanas Gergiminov
 
DevSecOps: Key Controls to Modern Security Success
byPuma Security, LLC
 
Introduction to DevSecOps
bySetu Parimi
 
DevSecOps: Key Controls for Modern Security Success
byPuma Security, LLC
 
Bio IT World 2015 - DevOps Security and Transparency
byKevin Gilpin
 
Staying Secure When Moving to the Cloud - Dave Millier
byTriNimbus
 
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
byPeter Selch Dahl
 
Achieving a Serverless Development Experience
byIvan Dwyer
 
Identity and o365 on Azure
byMostafa
 

Similar to Securing Your Database Dynamic DB Credentials

PDF
Credential store using HashiCorp Vault
byMayank Patel
 
PDF
Protect YugabyteDB with Hashicorp Vault.pdf
byGwenn Etourneau
 
PDF
Securing Databases with Dynamic Credentials and HashiCorp Vault
byMitchell Pronschinske
 
PPTX
Distributed Database Architecture for GDPR
byYugabyte
 
PDF
XP Days 2019: First secret delivery for modern cloud-native applications
byVlad Fedosov
 
PPTX
Security of the database
byPratik Tamgadge
 
PPTX
Securing AWS Accounts with Hashi Vault
byShrivatsa Upadhye
 
PPTX
Dynamic Database Credentials with HashiCorp Vault
byKatie Reese
 
PPTX
Introduction to Just in Time Access - BrightTalk
byHaydn Johnson
 
PDF
Keep it Secret, Keep it Safe - Docker Secrets and DI
byDana Luther
 
PDF
DevOpsDays - DevOps: Security 干我何事?
bysmalltown
 
PDF
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
byHashiCorp
 
PDF
Dynamic Database Credentials: Security Contingency Planning
bySean Chittenden
 
PDF
Vault and Security as a Service
byPatrick Shields
 
PDF
NoSQL - No Security?
byGavin Holt
 
PDF
Building secure NoSQL applications nosqlnow_conf_2014
bySujee Maniyam
 
PDF
CredHub and Secure Credential Management
byVMware Tanzu
 
PDF
NoSQL, no security?
bywurbanski
 
PDF
PUBLISHED: Database Security
byRichardBatka
 
PPTX
IS - Lecture 7 (Database Security)1.pptx
byabdulbaseerk135
 
Credential store using HashiCorp Vault
byMayank Patel
 
Protect YugabyteDB with Hashicorp Vault.pdf
byGwenn Etourneau
 
Securing Databases with Dynamic Credentials and HashiCorp Vault
byMitchell Pronschinske
 
Distributed Database Architecture for GDPR
byYugabyte
 
XP Days 2019: First secret delivery for modern cloud-native applications
byVlad Fedosov
 
Security of the database
byPratik Tamgadge
 
Securing AWS Accounts with Hashi Vault
byShrivatsa Upadhye
 
Dynamic Database Credentials with HashiCorp Vault
byKatie Reese
 
Introduction to Just in Time Access - BrightTalk
byHaydn Johnson
 
Keep it Secret, Keep it Safe - Docker Secrets and DI
byDana Luther
 
DevOpsDays - DevOps: Security 干我何事?
bysmalltown
 
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
byHashiCorp
 
Dynamic Database Credentials: Security Contingency Planning
bySean Chittenden
 
Vault and Security as a Service
byPatrick Shields
 
NoSQL - No Security?
byGavin Holt
 
Building secure NoSQL applications nosqlnow_conf_2014
bySujee Maniyam
 
CredHub and Secure Credential Management
byVMware Tanzu
 
NoSQL, no security?
bywurbanski
 
PUBLISHED: Database Security
byRichardBatka
 
IS - Lecture 7 (Database Security)1.pptx
byabdulbaseerk135
 

More from DevOps Indonesia

PDF
DevSecOps Implementation Journey
byDevOps Indonesia
 
PDF
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
byDevOps Indonesia
 
PDF
Securing an NGINX deployment for K8s
byDevOps Indonesia
 
PDF
DevOps Indonesia Meetup #52 - announcement
byDevOps Indonesia
 
PDF
Dev ops meetup 51 : Securing DevOps Lifecycle - Announcement
byDevOps Indonesia
 
PDF
Securing DevOps Lifecycle
byDevOps Indonesia
 
PDF
DevOps Meetup 50 : Securing your Application - Announcement
byDevOps Indonesia
 
PDF
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
byDevOps Indonesia
 
PDF
Continuously Deploy Your CDK Application by Petra novandi barus
byDevOps Indonesia
 
PDF
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
byDevOps Indonesia
 
PDF
DevOps Indonesia (online) meetup 45 - Announcement
byDevOps Indonesia
 
PDF
The Death and Rise of Enterprise DevOps
byDevOps Indonesia
 
PDF
API Security Webinar - Credential Stuffing
byDevOps Indonesia
 
PDF
API Security Webinar - Security Guidelines for Providing and Consuming APIs
byDevOps Indonesia
 
PDF
API Security Webinar - Hendra Tanto
byDevOps Indonesia
 
PDF
API Security Webinar : Credential Stuffing
byDevOps Indonesia
 
PDF
API Security Webinar : Security Guidelines for Providing and Consuming APIs
byDevOps Indonesia
 
PDF
Feature Scoring in Green Field Application Development and DevOps
byDevOps Indonesia
 
PDF
DevOps indonesia (Online) Meetup #44 - Announcement
byDevOps Indonesia
 
PDF
Introduction to SaltStack (An Event-Based Configuration Management)
byDevOps Indonesia
 
DevSecOps Implementation Journey
byDevOps Indonesia
 
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
byDevOps Indonesia
 
Securing an NGINX deployment for K8s
byDevOps Indonesia
 
DevOps Indonesia Meetup #52 - announcement
byDevOps Indonesia
 
Dev ops meetup 51 : Securing DevOps Lifecycle - Announcement
byDevOps Indonesia
 
Securing DevOps Lifecycle
byDevOps Indonesia
 
DevOps Meetup 50 : Securing your Application - Announcement
byDevOps Indonesia
 
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
byDevOps Indonesia
 
Continuously Deploy Your CDK Application by Petra novandi barus
byDevOps Indonesia
 
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
byDevOps Indonesia
 
DevOps Indonesia (online) meetup 45 - Announcement
byDevOps Indonesia
 
The Death and Rise of Enterprise DevOps
byDevOps Indonesia
 
API Security Webinar - Credential Stuffing
byDevOps Indonesia
 
API Security Webinar - Security Guidelines for Providing and Consuming APIs
byDevOps Indonesia
 
API Security Webinar - Hendra Tanto
byDevOps Indonesia
 
API Security Webinar : Credential Stuffing
byDevOps Indonesia
 
API Security Webinar : Security Guidelines for Providing and Consuming APIs
byDevOps Indonesia
 
Feature Scoring in Green Field Application Development and DevOps
byDevOps Indonesia
 
DevOps indonesia (Online) Meetup #44 - Announcement
byDevOps Indonesia
 
Introduction to SaltStack (An Event-Based Configuration Management)
byDevOps Indonesia
 

Recently uploaded

PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PPTX
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
Workflow and decision Automation with Flowable
bychakib ch
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 

Securing Your Database Dynamic DB Credentials