Burn After Reading - A Brief History of Secrets and How To Generate and Store Them

Secrets are everywhere, from your Facebook account to your bank account. In DevOps, managing secrets is an enormous task that, if not done properly, risks the security of your project and the reputation of your company. The advent of cloud computing and the dynamic creation of large numbers of servers and services that all require secrets has made the task Herculean.

We'll talk about how an identity provider such as AWS IAM or Azure IAM can be used along with HashiCorp Vault to dynamically generate secrets that expire once the work they were created to perform is done. Everyone gets their own secrets: they are all name-spaced for easy tracking and lockdown, role-based for easy deployment and scope, and they have short lifetimes, so even if compromised they cannot be reused.

Peace of mind.

Speaker

Michael McNairy


Michael McNairy is a software engineer at Pyramid Systems specializing in creating secure DevOps pipelines.