Applications frequently need access to sensitive data, such as database credentials, API keys, passwords and tokens.
Of course, we can't just store these secrets in plain text or hard-coded into our applications. Rather, we need to securely protect this sensitive information to ensure that only those with a "need to know" basis can access it.
In this episode of Mobycast, Jon and Chris kick off a two-part series on handling secrets for your cloud-native applications. We discuss various approaches to secrets management, ranging from basic roll-your-own techniques to fully managed solutions. We explore some of the most popular options out there and help you decide which one is best for you.
-> https://glow.fm/mobycast <-
- What is secrets management and why we need it for our cloud-native applications.
- Guidelines for best practices when handling secrets.
- We walkthrough a simple, roll-your-own approach to secrets management using encryption (KMS) and an object store (S3).
- Although this is a simple technique, it does provide a very secure (and auditable) approach to secrets handling.
- But, for most situtations, you'll want to leverage an off-the-shelf secrets management solution. We discuss 3 popular choices, including Hashicorp Vault, AWS Systems Manager Parameter Store and Amazon Secrets Manager.
- What are the features you should expect from a secrets management solution.
- We take a closer look at Vault, Parameter Store and Secrets Manager, and discuss the features that each provides.
- We finish with some guidance on how to make the right choice of secrets management solution for your applications.
- Secrets Management for Cloud-Native Applications
- Vault - Unlocking the Cloud Operating Model: Security
- AWS Systems Manager Parameter Store
- How AWS Systems Manager Parameter Store Uses AWS KMS
- Introducing AWS Secrets Manager
- AWS Secrets Manager
- How AWS Secrets Manager Uses AWS KMS
- Rotating Your AWS Secrets Manager Secrets
- Tutorial: Specifying Sensitive Data Using Secrets Manager Secrets
- AWS Secrets Manager now supports VPC endpoint policies
- How to Manage Secrets for Amazon EC2 Container Service–Based Applications by Using Amazon S3 and Docker
Warming Trend by Aphreaq
For a full transcription of this episode, please visit the episode webpage.
We'd love to hear from you! You can reach us at:
What is Mobycast?
A Podcast About Cloud Native Software Development, AWS, and Distributed Systems