Mobycast

{{ show.title }}Trailer Bonus Episode {{ selectedEpisode.number }}
{{ selectedEpisode.title }}
|
{{ displaySpeed }}x
{{ selectedEpisode.title }}
By {{ selectedEpisode.author }}
Broadcast by

Summary

Applications frequently need access to sensitive data, such as database credentials, API keys, passwords and tokens.

Of course, we can't just store these secrets in plain text or hard-coded into our applications. Rather, we need to securely protect this sensitive information to ensure that only those with a "need to know" basis can access it.

In this episode of Mobycast, Jon and Chris kick off a two-part series on handling secrets for your cloud-native applications. We discuss various approaches to secrets management, ranging from basic roll-your-own techniques to fully managed solutions. We explore some of the most popular options out there and help you decide which one is best for you.

Show Notes

Support Mobycast
-> https://glow.fm/mobycast <-

In this episode, we cover the following topics:
  • What is secrets management and why we need it for our cloud-native applications.
  • Guidelines for best practices when handling secrets.
  • We walkthrough a simple, roll-your-own approach to secrets management using encryption (KMS) and an object store (S3).
    • Although this is a simple technique, it does provide a very secure (and auditable) approach to secrets handling.
  • But, for most situtations, you'll want to leverage an off-the-shelf secrets management solution. We discuss 3 popular choices, including Hashicorp Vault, AWS Systems Manager Parameter Store and Amazon Secrets Manager.
  • What are the features you should expect from a secrets management solution.
  • We take a closer look at Vault, Parameter Store and Secrets Manager, and discuss the features that each provides.
  • We finish with some guidance on how to make the right choice of secrets management solution for your applications.
Links

End Song
Warming Trend by Aphreaq

More Info

For a full transcription of this episode, please visit the episode webpage.

We'd love to hear from you! You can reach us at:

What is Mobycast?

A Podcast About Cloud Native Software Development, AWS, and Distributed Systems