Applications frequently need access to sensitive data, such as database credentials, API keys, passwords and tokens.

Of course, we can't just store these secrets in plain text or hard-code them into our applications. Rather, we need to protect this sensitive information to ensure that only those with a "need to know" can access it.

In this episode of Mobycast, Jon and Chris kick off a two-part series on handling secrets for your cloud-native applications. We discuss various approaches to secrets management, ranging from basic roll-your-own techniques to fully managed solutions. We explore some of the most popular options out there and help you decide which one is best for you.

Show Notes

In this episode, we cover the following topics:
  • What is secrets management and why we need it for our cloud-native applications.
  • Guidelines for best practices when handling secrets.
  • We walk through a simple, roll-your-own approach to secrets management using encryption (KMS) and an object store (S3).
    • Although this is a simple technique, it does provide a very secure (and auditable) approach to secrets handling.
  • But, for most situations, you'll want to leverage an off-the-shelf secrets management solution. We discuss 3 popular choices, including HashiCorp Vault, AWS Systems Manager Parameter Store and Amazon Secrets Manager.
  • The features you should expect from a secrets management solution.
  • We take a closer look at Vault, Parameter Store and Secrets Manager, and discuss the features that each provides.
  • We finish with some guidance on how to make the right choice of secrets management solution for your applications.

End Song
Warming Trend by Aphreaq

