Vault is a tool for securely accessing secrets. It provides encryption of secrets at rest and controls access through authentication, authorization, and auditing. Keys are rotated automatically and secrets have time-to-live limits. Vault can be used for secrets like API keys, passwords, certificates and more. It supports multiple backends for secret storage including Consul, DynamoDB, and filesystem. Vault has built-in authentication methods and is highly available through replication across multiple nodes.
Secret Management with Hashicorp’s VaultAWS Germany
When running a Kubernetes Cluster in AWS there are secrets like AWS and Kubernetes credentials, access information for databases or integration with the company LDAP that need to be stored and managed.
HashiCorp’s Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets . It handles leasing, key revocation, key rolling, and auditing.
This talk will give an overview of secret management in general and Vault’s concepts. The talk will explain how to make use of Vault’s extensive feature set and show patterns that implement integration between Kubernetes applications and Vault.
Learn from HashiCorp Vault engineer Nick Cabatoff how you can ensure that you actually use Vault effectively to allow no potential leaks of secret credentials, apis, or certs.
Presentation done at the November meeting of the Sudoers Barcelona group (https://www.meetup.com/sudoersbcn/).
HashiCorp Vault (https://www.vaultproject.io/)
"Vault és una eina per emmagatzemar i gestionar secrets. Veurem què ofereix, com instal·lar-la, utilitzar-la i operar-la, i la nostra experiència."
This session is focused on the Hashicorp vault which is a secret management tool. We can manage secrets for 2-3 environments but what if we have more than 10 environments, then it will become a very painful task to manage them when secrets are dynamic and need to be rotated after some time. Hashicorp vault can easily manage secrets for both static and dynamic also it can help in secret rotations.
Secret Management with Hashicorp’s VaultAWS Germany
When running a Kubernetes Cluster in AWS there are secrets like AWS and Kubernetes credentials, access information for databases or integration with the company LDAP that need to be stored and managed.
HashiCorp’s Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets . It handles leasing, key revocation, key rolling, and auditing.
This talk will give an overview of secret management in general and Vault’s concepts. The talk will explain how to make use of Vault’s extensive feature set and show patterns that implement integration between Kubernetes applications and Vault.
Learn from HashiCorp Vault engineer Nick Cabatoff how you can ensure that you actually use Vault effectively to allow no potential leaks of secret credentials, apis, or certs.
Presentation done at the November meeting of the Sudoers Barcelona group (https://www.meetup.com/sudoersbcn/).
HashiCorp Vault (https://www.vaultproject.io/)
"Vault és una eina per emmagatzemar i gestionar secrets. Veurem què ofereix, com instal·lar-la, utilitzar-la i operar-la, i la nostra experiència."
This session is focused on the Hashicorp vault which is a secret management tool. We can manage secrets for 2-3 environments but what if we have more than 10 environments, then it will become a very painful task to manage them when secrets are dynamic and need to be rotated after some time. Hashicorp vault can easily manage secrets for both static and dynamic also it can help in secret rotations.
Get an overview of HashiCorp's Vault concepts.
Learn how to start a Vault server.
Learn how to use the Vault's postgresql backend.
See an overview of the Vault's SSH backend integration.
This presentation was held on the DigitalOcean Meetup in Berlin. Find more details here: https://www.meetup.com/DigitalOceanBerlin/events/237123195/
Hashicorp Vault - Manage Secrets and Protect Sensitive Data.
Vault is becoming the most popular tool to manage, secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
In this talk we will know the most powerful features of Hashicorp in both versions (OpenSource & Enterprise) and how we can implement a solution in our dynamic infrastructure.
Hashicorp Vault: Open Source Secrets Management at #OPEN18Kangaroot
HashiCorp Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. We'll show how this works.
PerconaLive 2016 Santa Clara presentation on Hashicorp Vault with CTO Armon Dadger
https://www.percona.com/live/data-performance-conference-2016/sessions/using-vault-decouple-secrets-applications
In this talk, Oded Hareven, Co-Founder & CEO of Akeyless.io, discusses the history of the movement toward best practices in password, token, key, and credential management, including HSMs, KMSs, PAMs, and PKI management. He explores how secrets management is now a MUST for DevOps and security teams of all enterprises and why the right tool needs to be cloud-agnostic, cloud-native, integrable with any DevOps pipelines, and infinitely scalable.
What does Day 0 with Vault secrets management look like? What about Day 1? 2? N? This talk gives you a detailed look at typical Vault user progressions that provide the most successful deployments for customers
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018HashiCorp
Managing secrets in a distributed cloud world requires a new approach to security. Applications and systems are now frequently created and destroyed. The network between distributed clouds, applications, and systems is low-trust, furthering the complexities of secrets sprawl. So, what is the solution?
HashiCorp Vault seeks to solve the problem of secret sprawl by centralizing secrets management in a scalable, repeatable workflow to be able to create, manage, and revoke secrets as needed.
Watch this webinar to learn:
- How Vault addresses today’s security threats
- How security teams can use Vault to store and manage all their secrets across their private and public infrastructure, globally.
- How Adobe reduced secret sprawl, increased operational performance of a key security process, and processes 100 trillion transactions with Vault
For full webinar recording: https://hashicorp.com/resources/eliminating-secret-sprawl-in-the-cloud
Kubernetes Secrets Management on Production with DemoOpsta
Are you still keep your credential in your code?
This session will show you how to do secrets management in best practices with Hashicorp Vault with a demo on Kubernetes
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Youtube Record: https://youtu.be/kBgePhkmRMA
TD Tech - Open House: The Technology Playground @ Sathorn Square
October 29, 2022
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
Presented to the Philly DevOps Meetup November 29, 2016.
Managing secrets is hard. It’s even harder in the cloud. At Jornaya (formerly LeadiD), we chose Hashicorp Vault to manage our secrets in AWS, and I’d like to share our experience with everyone.
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management).
And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Outlyer
A review of AWS security concepts, leaks at Beamly, an Introduction to Hashicorp Vault and how we use use Vault at Beamly.
Watch YouTube video here: http://bit.ly/25ytNAD
Join DevOps Exchange London Meetup: http://bit.ly/22y4Var
Follow DOXLON on Twitter: http://bit.ly/1ZdugEJ
Designing a complete ci cd pipeline using argo events, workflow and cd productsJulian Mazzitelli
https://www.youtube.com/watch?v=YmIAatr3Who
Presented at Cloud and AI DevFest GDG Montreal on September 27, 2019.
Are you looking to get more flexibility out of your CICD platform? Interested how GitOps fits into the mix? Learn how Argo CD, Workflows, and Events can be combined to craft custom CICD flows. All while staying Kubernetes native, enabling you to leverage existing observability tooling.
Unique course notes for the Certified Kubernetes Administrator (CKA) for each section of the exam. Designed to be engaging and used as a reference in the future for kubernetes concepts.
Kubernetes Montreal Talk on Vault - July 18th 2017 @ Google Montreal
Reference:
https://github.com/jpbelanger-mtl/vault-demo
https://github.com/jpbelanger-mtl/kube-pod-decorator
Secret Management Journey - Here Be Dragons aka Secret DragonsMichael Man
Secret Management Journey - In the beginning there was a file and it contained all the passwords in the plain text, but then someone stole all the passwords, so we don't do that anymore. In this talk I will explore how secret management has evolved over the years, what is the common path to maturity, what good looks like and why "Just use HashiCorp Vault" is a good heuristic. Explore with me the perils of storing secrets in Jenkins, how ansible-vault leads to disasters and where does CyberArk Conjur sit in all of this.
Get an overview of HashiCorp's Vault concepts.
Learn how to start a Vault server.
Learn how to use the Vault's postgresql backend.
See an overview of the Vault's SSH backend integration.
This presentation was held on the DigitalOcean Meetup in Berlin. Find more details here: https://www.meetup.com/DigitalOceanBerlin/events/237123195/
Hashicorp Vault - Manage Secrets and Protect Sensitive Data.
Vault is becoming the most popular tool to manage, secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
In this talk we will know the most powerful features of Hashicorp in both versions (OpenSource & Enterprise) and how we can implement a solution in our dynamic infrastructure.
Hashicorp Vault: Open Source Secrets Management at #OPEN18Kangaroot
HashiCorp Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. We'll show how this works.
PerconaLive 2016 Santa Clara presentation on Hashicorp Vault with CTO Armon Dadger
https://www.percona.com/live/data-performance-conference-2016/sessions/using-vault-decouple-secrets-applications
In this talk, Oded Hareven, Co-Founder & CEO of Akeyless.io, discusses the history of the movement toward best practices in password, token, key, and credential management, including HSMs, KMSs, PAMs, and PKI management. He explores how secrets management is now a MUST for DevOps and security teams of all enterprises and why the right tool needs to be cloud-agnostic, cloud-native, integrable with any DevOps pipelines, and infinitely scalable.
What does Day 0 with Vault secrets management look like? What about Day 1? 2? N? This talk gives you a detailed look at typical Vault user progressions that provide the most successful deployments for customers
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018HashiCorp
Managing secrets in a distributed cloud world requires a new approach to security. Applications and systems are now frequently created and destroyed. The network between distributed clouds, applications, and systems is low-trust, furthering the complexities of secrets sprawl. So, what is the solution?
HashiCorp Vault seeks to solve the problem of secret sprawl by centralizing secrets management in a scalable, repeatable workflow to be able to create, manage, and revoke secrets as needed.
Watch this webinar to learn:
- How Vault addresses today’s security threats
- How security teams can use Vault to store and manage all their secrets across their private and public infrastructure, globally.
- How Adobe reduced secret sprawl, increased operational performance of a key security process, and processes 100 trillion transactions with Vault
For full webinar recording: https://hashicorp.com/resources/eliminating-secret-sprawl-in-the-cloud
Kubernetes Secrets Management on Production with DemoOpsta
Are you still keep your credential in your code?
This session will show you how to do secrets management in best practices with Hashicorp Vault with a demo on Kubernetes
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Youtube Record: https://youtu.be/kBgePhkmRMA
TD Tech - Open House: The Technology Playground @ Sathorn Square
October 29, 2022
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
Presented to the Philly DevOps Meetup November 29, 2016.
Managing secrets is hard. It’s even harder in the cloud. At Jornaya (formerly LeadiD), we chose Hashicorp Vault to manage our secrets in AWS, and I’d like to share our experience with everyone.
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management).
And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Outlyer
A review of AWS security concepts, leaks at Beamly, an Introduction to Hashicorp Vault and how we use use Vault at Beamly.
Watch YouTube video here: http://bit.ly/25ytNAD
Join DevOps Exchange London Meetup: http://bit.ly/22y4Var
Follow DOXLON on Twitter: http://bit.ly/1ZdugEJ
Designing a complete ci cd pipeline using argo events, workflow and cd productsJulian Mazzitelli
https://www.youtube.com/watch?v=YmIAatr3Who
Presented at Cloud and AI DevFest GDG Montreal on September 27, 2019.
Are you looking to get more flexibility out of your CICD platform? Interested how GitOps fits into the mix? Learn how Argo CD, Workflows, and Events can be combined to craft custom CICD flows. All while staying Kubernetes native, enabling you to leverage existing observability tooling.
Unique course notes for the Certified Kubernetes Administrator (CKA) for each section of the exam. Designed to be engaging and used as a reference in the future for kubernetes concepts.
Kubernetes Montreal Talk on Vault - July 18th 2017 @ Google Montreal
Reference:
https://github.com/jpbelanger-mtl/vault-demo
https://github.com/jpbelanger-mtl/kube-pod-decorator
Secret Management Journey - Here Be Dragons aka Secret DragonsMichael Man
Secret Management Journey - In the beginning there was a file and it contained all the passwords in the plain text, but then someone stole all the passwords, so we don't do that anymore. In this talk I will explore how secret management has evolved over the years, what is the common path to maturity, what good looks like and why "Just use HashiCorp Vault" is a good heuristic. Explore with me the perils of storing secrets in Jenkins, how ansible-vault leads to disasters and where does CyberArk Conjur sit in all of this.
ContainerDays Boston 2016: "Hiding in Plain Sight: Managing Secrets in a Cont...DynamicInfraDays
Slides from Jeff Mitchell's talk "Hiding in Plain Sight: Managing Secrets in a Container Environment" at ContainerDays Boston 2016: http://dynamicinfradays.org/events/2016-boston/programme.html#secrets
XP Days 2019: First secret delivery for modern cloud-native applicationsVlad Fedosov
In this talk we’ll see how Authentication and Secrets delivery work in distributed containerized applications from the inside. We’ll start from the theory of security and will go through the topics like Container Auth Role, Static & Dynamic secrets, Env vars/volumes for secret delivery, Vault & K8S secrets. After this talk you’ll get an understanding how to securely deploy your containerized workloads.
ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...DynamicInfraDays
Slides from Jeff Mitchell's talk "The Secure Introduction Problem: Getting Secrets Into Containers" at ContainerDays NYC 2016: http://dynamicinfradays.org/events/2016-nyc/programme.html#secrets
The Supporting Role of Antivirus Evasion while PersistingCTruncer
This talk goes over different techniques to evade detection by antivirus programs, talks about how Veil-Evasion evades the programs, and shows an AV signature bypass. It also then documents a large number of techniques on how actors can persist in networks.
Enemy at the gates: vulnerability research in embedded appliances Chris Hernandez
Slides from a presentation I did on hunting for vulnerabilities in network appliances and virtual appliances. Includes information on cryoserver exploit and mail piler exploit.
Long thought to be relegated to the domain of fast, multithreaded desktop applications, race conditions have made their way into web applications. These bugs are often difficult to test for, and are becoming increasingly prevalent due to faster and faster clients, while server-side languages like Node.js and PHP are struggling to keep up. Race conditions are no longer just bugs- when they are found in critical components of web applications, they become a serious security vulnerability. If the proper checks and defensive measures are not in place, databases get confused, “one-time-use” becomes a relative term, and “limited” becomes “unlimited”. This talk will detail specific examples where malicious users could cause damage or profit from a race-condition flaw in a web application. A custom open-source tool will also be introduced to help security researchers and developers easily check for this class of vulnerability in web applications.
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Mary Racter
Secret-based protocols are the most popular methods for establishing trust in authentication. Unfortunately, they are also one of the first attack surfaces to be probed when system compromise is attempted. Today’s digital services often focus on scalability, high-availability, and fault tolerance, leading to a shift towards microservices on cluster-based architectures. Secret management has evolved as well, leading to the development of cluster-compatible, open-source SM tools such as HashiCorp’s Vault. This talk is designed to help SecOps professionals leverage security concepts such as spatial and temporal attack surfaces, trust, and risk acceptance to secure their cluster credential management.
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...Tom Kerkhove
It is not a secret that it is hard to manage sensitive information. Azure Key Vault allows you to securely store this kind of information ranging from secrets & certificates to cryptographic keys.
Great! But how do you use it? How do I authenticate with it and how do I build robust applications with it?
Come join me and I'll walk you through the challenges and give you some recommendations.
Implementing Active Security with Sysdig Falco - Docker Meetup BarcelonaNéstor Salceda
Woah! We have our application deployed in a cluster and ready to manage or fleet of containers. And is really awesome, we can scale them automatically! But, but... WTF?! What does it mean this message about "File below a known binary directory opened for writing"? Which container opened a file under /bin to write in among the other 9813 containers in my deployment?
When you are managing a Docker cluster with a lot of nodes and containers, finding which one originates the alert may be cumbersome. Time matters and the faster we can react to a security issue the better to avoid greater damage.
Automation is an important point in DevSecOps mindset, and in this talk we are going to learn how to implement custom playbooks with Open Source Software and deploy it using serverless technology for deploying an active security system which uses Sysdig Falco for detecting security threats.
Talk Venue: BSides Tampa 2020
Speakers: Mike Felch & Joff Thyer
This talk will focus on the many different ways that a penetration tester, or Red Teamer can leverage the Python programming language during offensive operations. Python is a rich and powerful programming language which above all else allows a competent developer to very quickly write new tools that might start as a Proof of Concept, but soon become an invaluable addition to the Red Teamer's tool-belt. Having the skills to both generate new tools, and modify existing tools on the fly is critically important to agility during testing engagement. Everything from utility processing of data, network protocol, API interaction, and exploit development can be rapidly developed due to the high functionality level and intuitive nature of Python.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
8. × Best tool for the job
× For HA, requires at least 3 consul nodes
× Dns discovery: active.vault.service.consul
× Vault doesn’t suffer from split brain
× Any number of vault instance
× Only 1 active vault node at a time
9.
10. × Everything has a TTL and Lease duration
× Generic secret, dynamic secret, keys, etc.
× Expiration / revocation
× Hierarchical structure
× Lease requires check-in to keep active
× Keep your lease short
13. × Generic
× PKI
× Cubbyhole
× Transit (crypto as a service)
× custom?
14. × Capabilities: create, update, read,
delete, list, sudo, deny
× Structure is path driven
× Parameter control: allow / deny
× Min / max wrapping TTL per policies
15.
16. × Output to file, syslog or socket
× Can output sensitive data (log_raw)
× Preferable to hash the sensitive data
× If enabled, at least one audit output is required
for the response to be sent
17. × Revoke your root token after initial setup
× Policies should be code driven
× Audit log should be monitored (w/ alerts)
× MFA for administrative accounts
× Keep lease short with periodic renewal
× Never persist your client tokens
Other secret management tools: AWS KMS, Chef “Vault”, Knox (pinterest), Red October (cloudfare)
Secured storage with HA
Key rolling used at the master key level for encryption / decryption of the vault content
OWASP Cryptographic storage cheat sheet
Encryption key is stored with data, but encrypted with another key (from the shared shamir)
Mlock is a kernel function that allow a process to “lock” part of or all it’s memory. Protecting it from being paged to disk (swap)
non root token default TTL is 32 days
revoke single or hierarchy
AppRole: roleID + secretID -> conditions only supports CIDR block source for now
AWS: complex role based condition: vpc, ami, account, subnet, role arn, instance profile, instance tag,
Gtihub used one personnal access token to get org read access.
Pki: Can generate self-signed root CA. Or push your own. Use Inter and not root CA directly.
Cubbyhole: response wrapping
Transit: encrypt and decrypt path are separate
Custom: not yet...
Policies are assigned at token creation
Validation are done per request (updating a policy will change a token behavior live)
A token can create a child token with his policies or a subset (never more than the creator)
Multiple policies can be assigned to a token
Socket is not recommended by itself (can drop entry)
Syslog configuration is limited (local only)
Use generate-root with the cli/api with 3 shared key to regenerate a new root token
An Init container requests a wrapped token from the Vault Controller
The Vault Controller retrieves the Pod details from the Kubernetes API server
If the Pod exists and contains the vaultproject.io/policies annotation a unique wrapped token is generated for the Pod.
The Vault Controller "callsback" the Pod using the Pod IP obtained from the Kubernetes API.
The Init container unwraps the token to obtain a dedicated Vault token.
The dedicated token is written to a well-known location and the Init container exits.
Another container in the Pod reads the token from the token file.
Another container in the Pod renews the token to keep it from expiring.