Secret Management in the world of Infrastructure as Code

Config management tools have revolutionized how machines are managed, making it easy to keep your estate in infrastructure-as-code form. People can write code to modify your estate, and that can be treated in the same way as your regular code: CI, code review, and have unit and acceptance testing.

Seems great right? However, IaC is not a free lunch: having all your infrastructure information in one place can lead to some uncomfortable security pitfalls: There’s potentially a lot of sensitive information in there, such as SSH keys, API tokens and passwords. Have you ever asked yourself the awkward question: What’s the worst that could happen?

Let’s find out! - What are the risks of leaking secrets in your infrastructure? - How can we both prevent leaks from your Infrastructure as code? - What parts of the DevOps toolchain can help you? - How do you detect leaks and what can you do when they happen?



Peter Souter

Peter is a Senior Professional Services Engineer at Puppet, interested in the security implications of infrastructure-as-code and how we can keep things safe without decreasing velocity. He’s ...