Title: Keeping Secrets Secret
Time: 9:10 AM
Room: Savannah - Vaco
The process of making our code more secure has many components, but how we secure the keys to our kingdom is probably the area with the most to lose. After all, if an attacker has your database credentials, you're toast. Yet many developers don't have a comprehensive system for managing such sensitive information.
Do your software developers have access to the production database? If an employee quits, could they take their credentials with them, or could you easily revoke access without affecting the other developers or production deployments? Can you easily audit access to your secrets and see which applications are using them? Can you easily rotate secrets that are used in containerized deployments in multiple different clouds?
In this talk we'll demonstrate how to solve all of these problems with Conjur, an open source secrets management application.
Target Audience: Intermediate
Keywords: security, secrets