Refactoring Applications for Dynamic Secrets

Originally presented at DevOpsDays NYC 2023

---

An application uses a database password that should change every thirty days. However, when it does need to change, your application must go offline to reload configuration and use the new password. Can an application change passwords or credentials with minimal downtime?

In this session, you will learn how to architect and refactor an application to handle dynamic secrets like passwords, tokens, or secrets. This demo-driven session progressively refactors a Java application to reload when a database password changes and identifies patterns for applications running in both virtual machines and containers on Kubernetes.

No matter which programming language you are familiar with, you’ll be able to apply the patterns from this session to retrieving secrets across different applications and platforms.

Rosemary Wang

June 06, 2023

Transcript

  1. © 2023 HASHICORP
    Refactoring Applications for Dynamic Secrets
    DevOpsDays NYC | June 6, 2023

  2. Rosemary Wang
    Developer Advocate at HashiCorp
    she/her
    @joatmon08
    joatmon08.github.io

  3. Environment Variables or File
    Secrets
    ## Environment Variables
    > PG_PASSWORD=secret!123
    ## File (Encrypted)
    > cat secret.properties.encrypted | \
    base64 -d > secret.properties
    spring.datasource.password=secret!123
    >

  4. 30 days

  5. 1 day?

  6. Automatic reload

  7. Automatic Reload
    Controller | SDK | Agent | Agent + Reload

  8. Automatic Reload
    Controller: 😀 Low refactor, 😕 Runtime-specific, 🔐 Secret may be plaintext
    SDK: 😀 Minimize disruption, 😕 Refactor/test code, 🔐 Secret in memory
    Agent: 😀 Low refactor, 😕 Separate process, 🔐 Secret in file
    Agent + Reload: 😀 Minimize disruption, 😕 Framework-specific, 🔐 Secret in file

  9. github.com/hashicorp-dev-advocates/workshop-vault-for-developers

  10. Rosemary Wang
    @joatmon08
    Thank you!
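
One way the file-based "Agent + Reload" pattern from slide 8 can look in application code, as an added example (not code from the talk or its workshop repository), written in Python because the abstract says the patterns carry across languages. `FileSecret`, `rotate` and `demo` are hypothetical names, `rotate` stands in for the agent, and the file-mode check is an assumption about how the secret file should be protected.

```python
import os, stat, tempfile, threading

class FileSecret:
    """Password read from a properties file that an agent rewrites on rotation."""

    def __init__(self, path, key="spring.datasource.password"):
        self._path, self._key = path, key
        self._lock = threading.Lock()
        self._stamp = self._value = None  # stamp = (inode, mtime_ns, size) last parsed
        self.reloads = 0

    def _parse(self, text):
        for line in text.splitlines():
            name, sep, value = line.partition("=")
            if sep and name.strip() == self._key:
                return value.strip()
        raise KeyError(f"{self._key} not found in {self._path}")

    def get(self):
        """Return the current password, re-reading only when the file changed."""
        with self._lock:
            with open(self._path, encoding="utf-8") as fh:
                st = os.fstat(fh.fileno())
                # The secret sits in a file: refuse it if group/other have any access.
                if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                    raise PermissionError(f"{self._path} must be mode 0600 or stricter")
                stamp = (st.st_ino, st.st_mtime_ns, st.st_size)
                if stamp != self._stamp:
                    self._value, self._stamp = self._parse(fh.read()), stamp
                    self.reloads += 1
            return self._value

def rotate(path, password):
    """Stand-in for the agent: write a new file, then atomically rename it into place."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))  # mkstemp creates mode 0600
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(f"spring.datasource.password={password}\n")
    os.replace(tmp, path)  # readers see the old file or the new one, never a partial write

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "secret.properties")
        rotate(path, "secret!123")       # sample value shown on slide 3
        secret = FileSecret(path)
        first = (secret.get(), secret.get(), secret.reloads)
        rotate(path, "rotated-example")  # constructed replacement value
        return first, (secret.get(), secret.reloads)
```

Code that opens database connections would call `get()` each time it connects, so a rotated password is picked up without restarting the process.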