Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Managing Secrets at Scale (Deutsch)

Mark Paluch
September 08, 2016
Technology
0
140

Managing Secrets at Scale (Deutsch)

Skalieren von Microservices und der Betrieb von Docker-Container liegen gerade im Trend. Aber wie steht es um Sicherheitsaspekte? Wo legst du Passwörter ab und wie werden diese Verschlüsselt? Dieser Vortrag erklärt, wie sich hohe Sicherheitsmaßstäbe effizient mit dem Betrieb dynamischer Service-Instanzen vereinen lassen. In dieser Session lernst du Vault kennen, wie sicherheitsrelevante Daten (Zugangsdaten, Passwörter und Zertifikate) verwaltet und mit Spring Boot zugegriffen werden können.

Mark Paluch

September 08, 2016
Tweet

More Decks by Mark Paluch

See All by Mark Paluch
Project Loom: Broadening Concurrency
mp911de
0
140
Full Steam Ahead, R2DBC!
mp911de
2
520
Reactive Relational Database Connectivity 2020
mp911de
3
170
Reactive Relational Database Connectivity
mp911de
3
750
Building Event-Driven Java Applications using Redis Streams
mp911de
1
410
What's New in CDI 2.0 at JUG HH
mp911de
0
210
Reactive Spring Workshop
mp911de
1
980
Under the Hood of Reactive Data Access
mp911de
3
1.6k
Under the Hood of Reactive Data Access
mp911de
1
380

Other Decks in Technology

See All in Technology
開発生産性大幅アップ!Postman VS Code拡張機能
nagix
2
380
アクセス制御にまつわる改善 / Improving access control
itkq
0
550
GrafanaMeetup_AmazonManagedGrafanaのアクセス制御機能とマルチテナント環境下でのアクセス制御について
daitak
0
240
Tellus の衛星データを見てみよう #mf_fukuoka
kongmingstrap
0
210
VSCodeの拡張機能を作っている話
ebarakazuhiro
1
530
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
120
TechFeed Experts Night#27 〜 フロントエンドフレームワーク最前線 (Svelte)
baseballyama
1
530
Google Cloud Next '24でブログを10本書いた方法と勉強会を沸かせた方法
yasumuusan
0
300
IaCジェネレーターとBedrockで詳細設計書を生成してみた
tsukasa_ishimaru
1
280
Meta Quest 3 で動く桜マシマシ WebXR アプリを IBM Cloud Code Engine と Babylon.js で作った話
1ftseabass
PRO
0
120
GraphQL 成熟度モデルの紹介と、プロダクトに当てはめた事例 / GraphQL maturity model
mh4gf
7
1.3k
EMとして2023年度に頑張ったこと / What we did well in FY2023 as a EM
pauli
1
170

Featured

See All Featured
Code Review Best Practice
trishagee
55
15k
Statistics for Hackers
jakevdp
789
220k
Debugging Ruby Performance
tmm1
70
11k
Build your cross-platform service in a week with App Engine
jlugia
225
17k
Product Roadmaps are Hard
iamctodd
44
9.7k
Faster Mobile Websites
deanohume
299
30k
Documentation Writing (for coders)
carmenintech
60
3.9k
Testing 201, or: Great Expectations
jmmastey
28
6.4k
How To Stay Up To Date on Web Technology
chriscoyier
782
250k
How to train your dragon (web standard)
notwaldorf
73
5.2k
How STYLIGHT went responsive
nonsquared
92
4.8k
BBQ
matthewcrist
80
8.8k

Transcript

  1. Managing Secrets at Scale Unless otherwise indicated, these slides are

    © 2013-2016 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Mark Paluch, Pivotal Software Inc., @mp911de

  2. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Mark Paluch @mp911de github.com/mp911de paluch.biz
  3. None

  4. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ TomEE 4 <Resource id="MySQL Database" type="DataSource"> UserName test Password xMH5uM1V9vQzVUv5LG7YLA== PasswordCipher Static3DES </Resource>

  5. https://www.flickr.com/photos/dahlstroms/4188244058

  6. None

  7. https://www.flickr.com/photos/nateone/5456129071

  8. None
  9. None

  10. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Vault § Verschlüsselung § Abriegelung § Div. Authentifizierungsmechanismen § Diverse Secret Backends § ACL/Policies § HA § HTTP API 10

  11. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Vault: Editionen § Gesicherte Ablage § Tokens und ACLs § Dynamische vertrauliche Daten durch TTL und Schlüsselrotation § Audit Logs 11 § HSM § 24x7x365 Support Community Enterprise

  12. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Vertrauliche Daten wahren § Verteilung beschränken § Zugriffskontrolle § Verschlüsselung § Schlüsselrotation § Zugriff sperren 12 ✅ ✅ ✅

  13. Unless otherwise indicated, these slides are 
 © 2013-2016 Pivotal

    Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Start und Initialisierung Demo

  14. Unless otherwise indicated, these slides are 
 © 2013-2016 Pivotal

    Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Vertrauliche Daten ablegen und abrufen Demo

  15. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Secret Backends § AWS § Cassandra § Consul § MySQL/MSSSQL/PostgreSQL § PKI § RabbitMQ § (MongoDB ~ Vault 0.6.1) 15

  16. https://www.flickr.com/photos/kristencavanaugh/10710047746

  17. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Authentifizierungsmethoden § Token § Benutzername/Password § LDAP § GitHub Token
 § MFA § TLS Zertifikate § App ID § AppRole 17

  18. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 18

  19. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 19 1 Administrator konfiguriert AppId 2 AppId in App Konfiguration ablegen 3 Deployment: Mapping zwischen AppId to UserId 4 App start: Vault mit AppId und UserId AppId

  20. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 20 1 Identity-Dokument abrufen (PKCS#7) 2 Vault Login 3 Vault: Prüfung auf gültige EC2 Instanz AWS-EC2

  21. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Sicherheitsfeatures für Produktiveinsatz § Auditing § Policies § Token: Lease/Expiry 21

  22. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Vertrauliche Daten wahren § Verteilung beschränken § Zugriffskontrolle § Verschlüsselung § Schlüsselrotation § Zugriff sperren 22 ✅ ✅ ✅ ✅ ✅

  23. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Betriebshinweise § SSL verwenden § Schlüsselteile (Unseal-Keys) sicher aufbewahren § High-Availability-Betrieb 23

  24. Unless otherwise indicated, these slides are 
 © 2013-2016 Pivotal

    Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Spring Cloud Vault Config Demo

  25. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Fazit § Vault ist ein gesicherter Service für vertrauliche Daten § Aufbewahrung und Generierung von vertraulichen Daten § Diverse Authentifizierungsmechanismen § HTTP API § Spring Cloud Vault Integration in Arbeit 25

  26. Unless otherwise indicated, these slides are © 2013-2016 Pivotal Software,

    Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Ressourcen § Vault: vaultproject.io § Code: github.com/spring-cloud-incubator/spring-cloud-vault-config § Samples: github.com/mp911de/spring-cloud-vault-config-samples § Folien: mp911.de/msasde 26

  27. Learn More. Stay Connected. Twitter: @mp911de Github: github.com/mp911de Website: paluch.biz