From the course: Microservices Security Workshop: From Build to Production
Secrets management
- [Narrator] Now let's move to a topic that tends to cross both security design and developer experience: managing secrets and scanning for them in the pipeline. This is a big subject to cover in one lesson, but we'll break it down to focus on the most practical patterns and trade-offs that come up in real environments. First, let's talk about how secrets are managed. In a perfect world, every application would retrieve its secrets directly from a secrets manager at runtime, use them only for a specific action, and then discard them immediately from memory. That ideal model avoids storing secrets on disk or in environment variables entirely, making it much harder for an attacker to even try to access them should they compromise a system. But this model is not widely used in practice. It's complex to implement, often requires deep application-level changes, and usually doesn't provide enough benefit to justify the cost, especially when the risk can be mitigated in simpler ways. As a…