Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Managing Secrets at Scale (Deutsch)

Mark Paluch
September 08, 2016
Technology
0
160

Managing Secrets at Scale (Deutsch)

Skalieren von Microservices und der Betrieb von Docker-Container liegen gerade im Trend. Aber wie steht es um Sicherheitsaspekte? Wo legst du Passwörter ab und wie werden diese Verschlüsselt? Dieser Vortrag erklärt, wie sich hohe Sicherheitsmaßstäbe effizient mit dem Betrieb dynamischer Service-Instanzen vereinen lassen. In dieser Session lernst du Vault kennen, wie sicherheitsrelevante Daten (Zugangsdaten, Passwörter und Zertifikate) verwaltet und mit Spring Boot zugegriffen werden können.

Mark Paluch

September 08, 2016
Tweet

More Decks by Mark Paluch

See All by Mark Paluch
Data Access with Sping Data
mp911de
1
37
Project Loom: Broadening Concurrency
mp911de
0
150
Full Steam Ahead, R2DBC!
mp911de
2
530
Reactive Relational Database Connectivity 2020
mp911de
3
170
Reactive Relational Database Connectivity
mp911de
3
840
Building Event-Driven Java Applications using Redis Streams
mp911de
1
460
What's New in CDI 2.0 at JUG HH
mp911de
0
300
Reactive Spring Workshop
mp911de
1
1.2k
Under the Hood of Reactive Data Access
mp911de
3
1.8k

Other Decks in Technology

See All in Technology
TanStack Routerに移行するのかい しないのかい、どっちなんだい! / Are you going to migrate to TanStack Router or not? Which one is it?
kaminashi
0
590
The Role of Developer Relations in AI Product Success.
giftojabu1
0
120
開発生産性を上げながらビジネスも30倍成長させてきたチームの姿
kamina_zzz
2
1.7k
なぜ今 AI Agent なのか _近藤憲児
kenjikondobai
4
1.4k
Terraform未経験の御様に対してどの ように導⼊を進めていったか
tkikuchi
2
430
Terraform CI/CD パイプラインにおける AWS CodeCommit の代替手段
hiyanger
1
240
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
AWS Media Services 最新サービスアップデート 2024
eijikominami
0
200
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
3
200
TypeScriptの次なる大進化なるか!? 条件型を返り値とする関数の型推論
uhyo
2
1.7k
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
2
530
IBC 2024 動画技術関連レポート / IBC 2024 Report
cyberagentdevelopers
PRO
0
110

Featured

See All Featured
A designer walks into a library…
pauljervisheath
204
24k
The Cost Of JavaScript in 2023
addyosmani
45
6.7k
Keith and Marios Guide to Fast Websites
keithpitt
409
22k
Code Reviewing Like a Champion
maltzj
520
39k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
Automating Front-end Workflow
addyosmani
1366
200k
Scaling GitHub
holman
458
140k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
A better future with KSS
kneath
238
17k
Raft: Consensus for Rubyists
vanstee
136
6.6k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k

Transcript

  1. Managing Secrets at Scale Unless otherwise indicated, these slides are

    © 2013-2016 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Mark Paluch, Pivotal Software Inc., @mp911de

  2. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Mark Paluch @mp911de github.com/mp911de paluch.biz
  3. None

  4. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ TomEE 4 <Resource id="MySQL Database" type="DataSource"> UserName test Password xMH5uM1V9vQzVUv5LG7YLA== PasswordCipher Static3DES </Resource>

  5. https://www.flickr.com/photos/dahlstroms/4188244058

  6. None

  7. https://www.flickr.com/photos/nateone/5456129071

  8. None
  9. None

  10. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Vault § Verschlüsselung § Abriegelung § Div. Authentifizierungsmechanismen § Diverse Secret Backends § ACL/Policies § HA § HTTP API 10

  11. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Vault: Editionen § Gesicherte Ablage § Tokens und ACLs § Dynamische vertrauliche Daten durch TTL und Schlüsselrotation § Audit Logs 11 § HSM § 24x7x365 Support Community Enterprise

  12. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Vertrauliche Daten wahren § Verteilung beschränken § Zugriffskontrolle § Verschlüsselung § Schlüsselrotation § Zugriff sperren 12 ✅ ✅ ✅

  13. Unless otherwise indicated, these slides are 
 © 2013-2016 Pivotal

    Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Start und Initialisierung Demo

  14. Unless otherwise indicated, these slides are 
 © 2013-2016 Pivotal

    Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Vertrauliche Daten ablegen und abrufen Demo

  15. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Secret Backends § AWS § Cassandra § Consul § MySQL/MSSSQL/PostgreSQL § PKI § RabbitMQ § (MongoDB ~ Vault 0.6.1) 15

  16. https://www.flickr.com/photos/kristencavanaugh/10710047746

  17. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Authentifizierungsmethoden § Token § Benutzername/Password § LDAP § GitHub Token
 § MFA § TLS Zertifikate § App ID § AppRole 17

  18. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 18

  19. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 19 1 Administrator konfiguriert AppId 2 AppId in App Konfiguration ablegen 3 Deployment: Mapping zwischen AppId to UserId 4 App start: Vault mit AppId und UserId AppId

  20. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 20 1 Identity-Dokument abrufen (PKCS#7) 2 Vault Login 3 Vault: Prüfung auf gültige EC2 Instanz AWS-EC2

  21. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Sicherheitsfeatures für Produktiveinsatz § Auditing § Policies § Token: Lease/Expiry 21

  22. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Vertrauliche Daten wahren § Verteilung beschränken § Zugriffskontrolle § Verschlüsselung § Schlüsselrotation § Zugriff sperren 22 ✅ ✅ ✅ ✅ ✅

  23. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Betriebshinweise § SSL verwenden § Schlüsselteile (Unseal-Keys) sicher aufbewahren § High-Availability-Betrieb 23

  24. Unless otherwise indicated, these slides are 
 © 2013-2016 Pivotal

    Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Spring Cloud Vault Config Demo

  25. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Fazit § Vault ist ein gesicherter Service für vertrauliche Daten § Aufbewahrung und Generierung von vertraulichen Daten § Diverse Authentifizierungsmechanismen § HTTP API § Spring Cloud Vault Integration in Arbeit 25

  26. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Ressourcen § Vault: vaultproject.io § Code: github.com/spring-cloud-incubator/spring-cloud-vault-config § Samples: github.com/mp911de/spring-cloud-vault-config-samples § Folien: mp911.de/msasde 26

  27. Learn More. Stay Connected. Twitter: @mp911de Github: github.com/mp911de Website: paluch.biz