Where are your credentials and secrets stored? In .env files, in environment variables, or, even worse, in config files? Are your primary AWS keys shared among developers? Do you still have SSH keys from former employees on your servers?

If your answer is "Yes" to one or more of these questions, you probably haven't heard the term "secrets management".

In this talk we will look into managing secrets in development and operations and expose the problems related to them. I will give you an overview of the current state of techniques to mitigate these problems, and we'll take a brief look at how an open source tool like HashiCorp Vault can provide a solution to managing secrets in the years to come.
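Before adopting a secrets manager, a practitioner usually wants to measure the sprawl the abstract describes. The following is an added example, not code from the talk or from HashiCorp: a small Python audit that scans a tree of config and .env files for AWS-style credentials and plain password assignments, and checks an authorized_keys file against an allowlist of keys belonging to people who currently need access. The file layout, regexes, key material and allowlist are constructed for the demonstration; the AWS secret value is the placeholder from AWS's own documentation, not a live key.

```python
"""Quick audit for the secrets-sprawl conditions named in the abstract (added example)."""
import os
import re
import tempfile

# Patterns for the credential types the abstract mentions. The AKIA prefix and the
# 40-character secret length are public AWS conventions; the password rule is a
# deliberately broad heuristic and will produce false positives on real trees.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*[\"']?[A-Za-z0-9/+=]{40}"
    ),
    "password_assignment": re.compile(r"(?i)(password|passwd)\s*[=:]\s*\S+"),
}

# File names and extensions worth scanning; extend for your own stack.
SCAN_SUFFIXES = (".env", ".ini", ".cfg", ".yml", ".yaml", ".json", ".toml", ".py")

# Constructed sample inputs. Key material and credential values are made up.
SAMPLE_DOTENV = (
    "DB_PASSWORD=hunter2\n"
    "AWS_ACCESS_KEY_ID=AKIAEXAMPLE012345678\n"
    "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
)
SAMPLE_INI = "[database]\nhost = db.internal\npassword = s3cr3t-value\n"
SAMPLE_AUTHORIZED_KEYS = (
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYALICE alice@laptop\n"
    "# Bob left the company last quarter; his key is still here\n"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYBOB bob@old-laptop\n"
    'from="10.0.0.0/8" ssh-rsa AAAAB3NzaC1yc2EFAKEKEYDEPLOY deploy@ci\n'
)
# Allowlist of key material for current staff and service accounts; in practice this
# would come from your identity provider or HR feed, not a hard-coded set.
CURRENT_KEYS = {
    "AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYALICE",
    "AAAAB3NzaC1yc2EFAKEKEYDEPLOY",
}


def scan_file_for_secrets(path):
    """Return (basename, line number, pattern name) for every matching line in one file."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            for kind, pattern in SECRET_PATTERNS.items():
                if pattern.search(line):
                    findings.append((os.path.basename(path), lineno, kind))
    return findings


def scan_tree(root):
    """Walk root and scan every file matching SCAN_SUFFIXES; sorted for stable output."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(SCAN_SUFFIXES):
                findings.extend(scan_file_for_secrets(os.path.join(dirpath, name)))
    return sorted(findings)


def stale_authorized_keys(authorized_keys_text, current_keys):
    """Return (line number, reason, comment) for entries whose key is not in current_keys."""
    stale = []
    for lineno, raw in enumerate(authorized_keys_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        # Entries may start with options such as from="..."; the key type is the
        # first field with an ssh-/ecdsa-/sk- prefix and the key material follows it.
        idx = next((i for i, p in enumerate(parts)
                    if p.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None or idx + 1 >= len(parts):
            stale.append((lineno, "unparseable", line[:40]))
            continue
        key_material = parts[idx + 1]
        comment = " ".join(parts[idx + 2:]) or "(no comment)"
        if key_material not in current_keys:
            stale.append((lineno, "not-in-allowlist", comment))
    return stale


def run_demo():
    """Write the constructed files into a temp dir, scan them, and report stale SSH keys."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, ".env"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_DOTENV)
        os.makedirs(os.path.join(root, "config"))
        with open(os.path.join(root, "config", "config.ini"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_INI)
        secret_findings = scan_tree(root)
    stale = stale_authorized_keys(SAMPLE_AUTHORIZED_KEYS, CURRENT_KEYS)
    return secret_findings, stale


if __name__ == "__main__":
    found, stale_entries = run_demo()
    for name, lineno, kind in found:
        print(f"{name}:{lineno}: {kind}")
    for lineno, reason, comment in stale_entries:
        print(f"authorized_keys:{lineno}: {reason} ({comment})")
```

To use it on a real host, point scan_tree at a checkout or deployment directory and feed the contents of each user's ~/.ssh/authorized_keys to stale_authorized_keys together with an allowlist exported from your identity source. The scan does not cover secrets that live only in environment variables, which are readable from /proc/<pid>/environ by the same user and are inherited by every child process; that is a separate check.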

Comments

Great presentation skills and definitely a good, valid point was made regarding security and how important it is from a business perspective.

However, I personally think the first part (impact on a business) could have been a little bit shorter, although it is very important. From the technical perspective it would have been interesting to see it more from a practical side (e.g. implementation in PHP), or further explanation of what happens when the server really gets hacked and the Vault credentials are in the hands of an attacker. How is Vault useful in this case? What needs to be done then? Etc. Also the performance impact is a very important point.

But thank you for the talk, I enjoyed it.

Nice topic, but you could work on speech volume.

Quite ok

Nenad Mitic at 21:10 on 27 May 2019

Great intro into secrets management.

Miro Svrtan at 17:40 on 29 May 2019

While I disagree with some ideas and premises the speaker started with, I think this was a rather nice talk altogether. It had a really confusing start: with a strange-looking title, it took the first 15 minutes for me to stop wondering whether I was at the right talk or whether Srdjan had pulled a 'let's do another talk'.

It was nice to see that Srdjan's 'rant' levels have dropped significantly; from the intro I know he was working hard on it, and it was visible (as much as he says there will be no rants, I do not think this talk is there yet).

For 5* I would:
- suggest working a bit on the business side of the story if the speaker believes this is a must-have part of the talk; it felt like the talk had two completely different topics
- try to keep on subject; you opened doors at a few moments that made me think more about them than about what was talked about next
- note that the Hashi Vault part of the story felt like a time filler at moments
- suggest avoiding a sarcastic title

As I know Srdjan personally, with my rating being between 3* and 4*, I decided to go for 3* just to try to be less subjective (which I know is not fair towards him), but I hope to see this talk again (and will do my best to attend it).