Talking head
DevOpsDays Philadelphia 2016

This presentation, by Andrey Utis, is licensed under a Creative Commons Attribution ShareAlike 3.0 license.

Managing application secrets, such as database passwords or API keys, can be a tricky problem in any environment. It becomes even trickier when we have an end-to-end Continuous Delivery pipeline that deploys an application with no human intervention. The question becomes: how do we maintain secrets in source control, along with the infrastructure and functional code, without exposing them to everyone? Additionally, Capital One, being a large financial institution, is subject to regulations like "segregation of duties", which prohibits developers from having admin access to production. Using a combination of AWS KMS, IAM, and iptables, we were able to design a simple, cheap, and scalable solution that satisfies our security needs as well as the regulatory requirements.
