Managing Spring Boot Application Secrets by Badr NASS LAHSEN @ Spring I/O 2023
Spring I/O 2023 - Barcelona, 18-19 May
Slides: https://speakerdeck.com/bnasslahsen/o...
GitHub Repo: https://github.com/bnasslahsen/conjur...
Many applications require some sort of secret, such as a database password, a certificate. The growing popularity of Kubernetes and cloud adoption has gotten the attention of attackers and raised the stakes for developers. There are many challenges of secrets management in spring-boot applications.
This session will summarise the different available patterns for securing cloud native application secrets. It will demo open-source secrets management solutions like Conjur for securing access, enforcing policy, and authenticating access requests. Now, developers and DevOps engineers search for the capabilities to properly secure secrets in DevOps Pipelines.
To do their job, developers need to write applications that require secure access to resources via secrets, and security teams need to mitigate risk. This can lead to contention between developers and security teams.
The Talk will cover the following topics:
Increase the awareness of the vulnerabilities and risks. Remove No hard-coded credentials
Simplify secrets management
Introduction to the secret zero problem
Secure all application types, everywhere with JWT and Cert Based Authentication
Strong authentication and authorization - ABAC – apply least privilege
When to use Sidecar and init container patterns to improve applications security in Kubernetes ?
What is the Secretless pattern?
How to get full auditing and control by security team ?
Watch video Managing Spring Boot Application Secrets by Badr NASS LAHSEN @ Spring I/O 2023 online, duration hours minute second in high quality that is uploaded to the channel Spring I/O 23 May 2023. Share the link to the video on social media so that your subscribers and friends will also watch this video. This video clip has been viewed 1,775 times and liked it 39 visitors.
