Explore the critical topic of password and secret management in modern applications during this 28-minute EuroPython Conference talk. Delve into the various types of secrets, including encryption keys, database passwords, and API credentials, and learn about the emerging tools designed to manage, update, and audit these sensitive pieces of information. Discover best practices for avoiding security breaches and protecting your application's crucial data. Gain insights into modeling security properties for different types of secrets, selecting appropriate tools for various situations, and implementing them within major web frameworks. Examine the evolving landscape of threats and learn how to safeguard your application against potential vulnerabilities in an era of config automation and ephemeral microservices.
Overview
Syllabus
Intro
Definition
Secrets
Passwords
Tokens
Keys
Slow
Fast
Properties
Surfaces
Brute Force
Code Leak
Backup Leak
Traversal
An Aside
Code Exec
Laptop Theft
Higher Power
Text Files
git-crypt
Asymmetric
Cluster Managers
Chef Encrypted Bags
Ansible Vault
Chef Vault
Pre-encryption
Hashicorp Vault
Private S3
Amazon KMS
Sneaker
Confidant
Trousseau
Red October
Barbican
Conjur
Pure Identity
Config Management
Consul Templates
Summon
Taught by
EuroPython Conference
