At the heart of all of our tools, credentials allow human-to-machine and machine-to-machine communication. According to recent research, 93% of organizations had two or more identity-related breaches in the past year. It is clear that we need to address this growing issue. Unfortunately, many organizations are OK with using plaintext credentials, something we should all know not to do by now.
Given the scope of the problem, what can we do? Let's make a plan!
- Secrets Detection
- Secrets Management
- Developer Workflows
- Real-time Secrets Scanning
- Automatic Rotation

By the end of this session, you should have a clear roadmap for taming the machine identity mess in your code and pipelines.

Comments

Peter Meth at 15:46 on 21 May 2025

I really liked this talk. It was very approachable and informative. It gave me some things to think about and take away. I haven't found great tooling for secrets management in PHP, but maybe I just need to look harder.

Chris Abbey at 16:30 on 21 May 2025

Great introduction to the state of the world in terms of secrets management and an overview of the workflow needed to better handle these threats, not only with the traditional solutions, but with an even better path forward. I took so many notes of things to go pull the links out of the deck when it's uploaded to view/read.