How to Properly Manage Application Secrets (5 LEVELS)

4,641 listens
If you build web applications, it is your job to keep your user's data safe. In order to do this, you need to properly manage passwords/secrets/credentials within your codebase. This requires managing tradeoffs between security and convenience. In this video, I walk through a progression of techniques to handle credentials including showing the state of the art methods within the industry today. Hopefully this video helps you choose an appropriate approach for your next project!

Channel GitHub repo: https://github.com/sidpalas/devops-directive

Hashicorp Vault Demo:
- Talk: https://www.youtube.com/watch?v=Y0SdwZDy20Q
- Repo: https://github.com/BenchLabs/talk-vault-ephemeral-credentials

Cheers!

---

Join the Community:
💬 Discord: https://discord.gg/3XzWctZ
💻 GitHub: https://github.com/sidpalas/devops-directive
🐥 Twitter: https://twitter.com/sidpalas
👨‍💼 LinkedIn: https://www.linkedin.com/in/sid-palas/
🌐 Website: https://devopsdirective.com

---

Timestamps
0:00 - Intro
0:38 - What is credential management?
1:09 - Level 0 - Hardcode the passwords wherever they are used
2:22 - Level 1 - Extract secrets into a config file
3:35 - Level 2 - Encrypt the config file
4:54 - Level 3 - Use a dedicated secret manager
6:22 - Level 4 - Dynamic ephemeral/temporary credentials
7:35 - Recap

---

Community Size at Time of Posting:
- Subscribers: 799
- Channel Views: 16075

Note: I have a running joke with my wife that I'm not going to shave my beard until I reach 1000 subscribers (the last time I did was at 100...) and it is starting to get out of control 🧔+🎅+😳+😬+😅+😂+😰+🥶+😎