Andrey Utis


Title: Application Secret Management with AWS KMS

Description:

Managing application secrets, such as database passwords or API keys, can be a tricky problem in any environment. It becomes even trickier with an end-to-end Continuous Delivery pipeline that deploys an application with no human intervention. The question becomes: how do we keep secrets in source control, alongside the infrastructure and functional code, without exposing them to everyone? Additionally, CapitalOne, being a large financial institution, is subject to regulations such as "segregation of duties", which prohibit developers from having admin access to production. Using a combination of AWS KMS, IAM, and iptables, we were able to design a simple, cheap, and scalable solution that satisfies both our security needs and the regulatory requirements.
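The segregation-of-duties split the abstract describes (developers can add secrets to source control, but only the deployed application can read them back) maps naturally onto a KMS key policy: developers get kms:Encrypt only, the production instance role gets kms:Decrypt only, and key administration sits with a third, separate role. The policy below is an added illustration of that split and is not material from the talk; the account id, role names, and encryption-context value are placeholders, and the iptables portion of the design is not shown here.

```json
{
  "Version": "2012-10-17",
  "Id": "app-secrets-key-policy-example",
  "Statement": [
    {
      "Sid": "KeyAdministrationBySeparateRole",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:role/SecretsKeyAdmin" },
      "Action": [
        "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*",
        "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*",
        "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"
      ],
      "Resource": "*"
    },
    {
      "Sid": "DevelopersMayEncryptButNotDecrypt",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:role/Developers" },
      "Action": [ "kms:Encrypt", "kms:DescribeKey" ],
      "Resource": "*"
    },
    {
      "Sid": "ProductionInstanceRoleMayDecryptOnly",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:role/AppInstanceRole" },
      "Action": [ "kms:Decrypt" ],
      "Resource": "*",
      "Condition": {
        "StringEquals": { "kms:EncryptionContext:app": "example-app" }
      }
    }
  ]
}
```

With this policy a developer can produce ciphertext and commit it to the repository, but cannot turn it back into plaintext, so checked-in secrets are safe to read by anyone with repository access. The encryption-context condition means the instance role can only decrypt blobs that were encrypted for this application, which keeps one key from silently serving several deployments. Note that no principal is granted both Encrypt and Decrypt, and the admin role is granted neither.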

Speaker

Andrey Utis


Andrey has a Master's degree in Computer Science from the University of Maryland, College Park, where he primarily studied algorithms and computational complexity. In industry, he spent several years consulting on a wide range of projects: implementing distributed systems, performance-tuning Java applications, and optimizing large databases. Andrey has been working for CapitalOne for the last few years, initially leading customer security and fraud development teams. Currently, he leads the Account Opening project, as well as the related CI/CD and DevOps efforts.