January 14, 2020


Your (container) secret's safe with me.


In a containerized deployment, how do you safely pass secrets like passwords and certificates between containers without compromising their safety? If orchestration means a container can run on any machine in the cluster, how do you minimize who knows your secrets? Liz Rice explores the risks and shares best practices for keeping your secrets safe.

Talk Title: Your (container) secret's safe with me.
Speakers: Liz Rice (Aqua Security)
Conference: O’Reilly Velocity Conference
Conf Tag: Build Resilient Distributed Systems
Location: London, United Kingdom
Date: October 18-20, 2017
URL: Talk Page
Slides: Talk Slides
Video:

The 12-Factor App manifesto has trained us to pass configuration information into containers in the form of environment variables. In many cases, that config information includes secrets, such as passwords and certificates that allow containers to identify and communicate with each other. If those secrets are leaked, an attacker has information that could enable a serious system compromise. Liz Rice outlines some of the ways that your secrets are more accessible than you might think. For example, did you know that any environment variable in a container is easily accessible from the host machine? Liz covers approaches for encrypting your secrets and explains how these can be set up under orchestrators like Docker Swarm and Kubernetes, including key management systems and key rotation. Actions speak louder than words, so Liz also digs into the technical details with live demonstrations and concludes by sharing a checklist of things to address to keep your container secrets secure. Topics include:
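The point above that a container's environment variables are readable from the host can be checked on your own nodes: on Linux, the host sees every container process in /proc, and /proc/<pid>/environ holds that process's environment as NUL-separated KEY=VALUE entries. The following audit helper is an added example, not code from the talk or from Aqua Security. It parses that format, flags variables whose names look like credentials, and redacts their values so the report itself does not leak them. The name pattern, the `audit_pid` helper and the sample environ block are constructed for this example.

```python
"""Audit a process environment block for secret-looking variables.

Added example (hypothetical helper, not from the talk). Assumes a Linux
host where /proc/<pid>/environ is readable (root for other users'
processes), which is exactly how 12-Factor-style env-var secrets inside a
container become visible from the host. SAMPLE_ENVIRON is constructed.
"""
import re
from pathlib import Path

# Variable names that commonly carry credentials; a constructed pattern
# for this example, extend it to match your own naming conventions.
SECRET_NAME_RE = re.compile(
    r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY|CERT)", re.IGNORECASE
)


def parse_environ(blob: bytes) -> dict:
    """Parse the NUL-separated KEY=VALUE layout used by /proc/<pid>/environ."""
    env = {}
    for entry in blob.split(b"\0"):
        if not entry:
            continue
        key, sep, value = entry.partition(b"=")
        if sep:  # entries without '=' are malformed; skip them
            env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def redact(value: str) -> str:
    """Keep only the first and last two characters so the report can't leak the secret."""
    if len(value) <= 4:
        return "*" * len(value)
    return value[:2] + "*" * (len(value) - 4) + value[-2:]


def find_secret_vars(env: dict) -> dict:
    """Return the entries whose names look like credentials, values redacted."""
    return {k: redact(v) for k, v in env.items() if SECRET_NAME_RE.search(k)}


def audit_pid(pid: int) -> dict:
    """Audit a live process from the host; pid can be a container's init process."""
    blob = Path(f"/proc/{pid}/environ").read_bytes()
    return find_secret_vars(parse_environ(blob))


# Constructed sample of what a container process's environ might hold.
SAMPLE_ENVIRON = b"PATH=/usr/bin\0DB_PASSWORD=hunter22\0API_KEY=abc\0HOME=/root\0"

if __name__ == "__main__":
    for name, value in find_secret_vars(parse_environ(SAMPLE_ENVIRON)).items():
        print(f"{name}={value}")
```

On a Docker host the container's init PID comes from `docker inspect -f '{{.State.Pid}}' <container>`, and `docker inspect -f '{{.Config.Env}}' <container>` shows the same variables without touching /proc at all; either path proves that an env-var secret is only as private as host access is. The defensive takeaway is the one the talk draws: prefer secrets delivered as files or through the orchestrator's secret store over environment variables, and run an audit like this one over your nodes to find what is still passed the old way.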
