Explore strategies for securely storing and managing secrets in cloud and data center environments through this 48-minute conference talk from AppSecUSA 2015. Delve into the challenges of credential storage, examining various tools, technologies, and approaches for improving secret management throughout development, testing, and deployment. Learn about orchestrator decryption, application decryption, operational and organizational compartmentalization, SCM encryption tools, and secrets-as-a-service solutions. Gain insights into the advantages and disadvantages of different options to help determine the most appropriate solutions for your applications and organizations, covering both data center and cloud-based deployments with a focus on open-source tools for common enterprise platforms.
Storing Secrets in the Cloud and Data Center: Strategies and Tools
Overview
Syllabus
Intro
INTRODUCTION
WHAT'S THE PROBLEM?
WHAT GOOD LOOKS LIKE
WHAT DOES GOOD LOOK LIKE
THE FIRST TURTLE
STRATEGIES
ORCHESTRATOR DECRYPTION
APPLICATION DECRYPTION
OPERATIONAL COMPARTMENTALIZATION
ORGANIZATIONAL COMPARTMENTALIZATION
SCM ENCRYPTION TOOLS
ORCHESTRATION ENCRYPTION TOOLS
THE SECOND TURTLE
SECRETS SERVICES
SECRETS AS A SERVICE
THE THIRD TURTLE
THE BIG PICTURE
IN CLOSING
Taught by
OWASP Foundation
