Talk in English - US at PHP TEK 2025
Track Name:
Wrigley Field
Short URL: https://joind.in/talk/2ce2a
(QR-Code (opens in new window))
At the heart of all of our tools, credentials allow human-to-machine and machine-to-machine communication. According to recent research, 93% of organizations had two or more identity-related breaches in the past year. It is clear that we need to address this growing issue. Unfortunately, many organizations are OK with using plaintext credentials, which we should all know not to do by now.
Given the scope of the problem, what can we do? Let's make a plan!
- Secrets Detection
- Secrets Management
- Developer Workflows
- Real-time Secrets Scanning
- Automatic Rotation
By the end of this session, you should have a clear roadmap for taming the machine identity mess in your code and pipelines.
Comments
Please login to leave a comment
I really liked this talk. It was very approachable and informative. It gave me some things to think about and take away. I haven't found great tooling for secrets management in php but maybe I just need to look harder.
Great introduction to the state of the world in terms of secrets management and an overview of the workflow needed to better handle these threats, not only with the traditional solutions, but with an even better path forward. I took so many notes of things to go pull the links out of the deck when it's uploaded to view/read.