Managing Spring Boot Application Secrets by Badr NASS LAHSEN @ Spring I/O 2023
Spring I/O 2023 - Barcelona, 18-19 May
Slides: https://speakerdeck.com/bnasslahsen/o...
GitHub Repo: https://github.com/bnasslahsen/conjur...
Many applications require some sort of secret, such as a database password, a certificate. The growing popularity of Kubernetes and cloud adoption has gotten the attention of attackers and raised the stakes for developers. There are many challenges of secrets management in spring-boot applications.
This session will summarise the different available patterns for securing cloud native application secrets. It will demo open-source secrets management solutions like Conjur for securing access, enforcing policy, and authenticating access requests. Now, developers and DevOps engineers search for the capabilities to properly secure secrets in DevOps Pipelines.
To do their job, developers need to write applications that require secure access to resources via secrets, and security teams need to mitigate risk. This can lead to contention between developers and security teams.
The Talk will cover the following topics:
Increase the awareness of the vulnerabilities and risks. Remove No hard-coded credentials
Simplify secrets management
Introduction to the secret zero problem
Secure all application types, everywhere with JWT and Cert Based Authentication
Strong authentication and authorization - ABAC – apply least privilege
When to use Sidecar and init container patterns to improve applications security in Kubernetes ?
What is the Secretless pattern?
How to get full auditing and control by security team ?
Смотрите видео Managing Spring Boot Application Secrets by Badr NASS LAHSEN @ Spring I/O 2023 онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь Spring I/O 23 Май 2023, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 1,775 раз и оно понравилось 39 людям.