Your (container) secret's safe with me.
In a containerized deployment, how do you safely pass secrets like passwords and certificates between containers without compromising their safety? If orchestration means a container can run on any machine in the cluster, how do you minimize who knows your secrets? Liz Rice explores the risks and shares best practices for keeping your secrets safe.
| Talk Title | Your (container) secret's safe with me. |
| --- | --- |
| Speakers | Liz Rice (Aqua Security) |
| Conference | O’Reilly Velocity Conference |
| Conf Tag | Build Resilient Distributed Systems |
| Location | London, United Kingdom |
| Date | October 18-20, 2017 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
The 12-Factor App manifesto has trained us to pass configuration information into containers in the form of environment variables. In many cases, that config information includes secrets, such as passwords and certificates that allow containers to identify and communicate with each other. If those secrets are leaked, an attacker has information that could enable a serious system compromise. Liz Rice outlines some of the ways that your secrets are more accessible than you might think. For example, did you know that any environment variable in a container is easily accessible from the host machine? Liz covers approaches for encrypting your secrets and explains how these can be set up under orchestrators like Docker Swarm and Kubernetes, including key management systems and key rotation. Actions speak louder than words, so Liz also digs into the technical details with live demonstrations and concludes by sharing a checklist of things to address to keep your container secrets secure. Topics include: