Config management tools have revolutionized how machines are managed, making it easy to keep your estate in infrastructure-as-code form. People can write code to modify your estate, and that code can be treated in the same way as your regular code, with CI, code review, and unit and acceptance testing.
Seems great, right? However, IaC is not a free lunch. Having all your infrastructure information in one place can lead to some uncomfortable security pitfalls: there’s potentially a lot of sensitive information in there, such as SSH keys, API tokens and passwords. Have you ever asked yourself the awkward question: what’s the worst that could happen?
Let’s find out!

- What are the risks of leaking secrets in your infrastructure?
- How can we prevent leaks from your infrastructure as code?
- What parts of the DevOps toolchain can help you?
- How do you detect leaks and what can you do when they happen?