Remove developers’ shameful secrets or simply remove shameful developers…
I started out with one goal: to eliminate hard coded secrets in code repository. For this workshop, we will do a short hands-on demo using Vault – one of many secret management tools – to automate security into CICD, building on current workflows. The workshop will also explain some concepts around secret management and technical ways to deal with the problems in achieving the one goal.
In this hands-on workshops, attendees will learn how to:
- Set up a clean development environment without Vault
- Integrate Vault into the pipeline with build tools like Jenkins and how it can interact with applications
- Bonus, if we have time, we will explore other cool features of Vault to strengthen other layers of security (SSH CA, PKI).
Watch this repository for setup instructions: https://github.com/3jmaster/devseccon2018