Refactoring Applications for Dynamic Secrets - Speaker Deck

Tweet

Tweet

Slide 1

Slide 1 text

© 2023 HASHICORP 1 Refactoring Applications for Dynamic Secrets DevOpsDays NYC | June 6, 2023

Slide 2

Slide 2 text

© 2023 HASHICORP 2 Developer Advocate at HashiCorp she/her @joatmon08 joatmon08.github.io Rosemary Wang

Slide 3

Slide 3 text

© HASHICORP 3 Environment Variables or File Secrets ## Environment Variables > PG_PASSWORD=secret!123 ## File (Encrypted) > cat secret.properties.encrypted | \ base64 -d > secret.properties spring.datasource.password=secret!123 >

Slide 4

Slide 4 text

© HASHICORP 4 30 days

Slide 5

Slide 5 text

© HASHICORP 5 1 day?

Slide 6

Slide 6 text

© HASHICORP 6 Automatic reload

Slide 7

Slide 7 text

© HASHICORP 7 Controller SDK Agent Agent + Reload Automatic Reload

Slide 8

Slide 8 text

© HASHICORP 😀Low refactor 😕Runtime-specific 🔐Secret may be plaintext 8 😀Minimize disruption 😕Refactor/test code 🔐Secret in memory 😀Low refactor 😕Separate process 🔐Secret in file Controller SDK Agent Agent + Reload Automatic Reload 😀Minimize disruption 😕Framework-specific 🔐Secret in file

Slide 9

Slide 9 text

© HASHICORP 9 github.com/ hashicorp-dev-advocates/ workshop-vault-for-developers

Slide 10

Slide 10 text

© 2023 HASHICORP 10 Rosemary Wang @joatmon08 Thank you!