Track: | DevSecOps |
---|---|
When: | Wed PM-1 |
Where: | Maulden |
Organizers | Dominik de Smit Dominik de Smit |
Participants | Ajy Gupta Ajy Gupta , Chris Dobson Chris Dobson , Emma Fang Emma Fang , Felipe Zipitria Felipe Zipitria , Florian Buetow Florian Buetow , Foteini Karantoni Foteini Karantoni , Gabor Pek Gabor Pek , Jim Newman Jim Newman , Martin Rock-Evans Martin Rock-Evans , Sean Siford Sean Siford , Sean Turner Sean Turner , Sven Schleier Sven Schleier , Tom Ling Tom Ling , Zuhal Vargun Zuhal Vargun |
Remote Participants | André Rainho André Rainho , Camilo Cota Camilo Cota , Konstantinos Damianakis Konstantinos Damianakis |
Why
This Working Session will focus on secrets management - a key element of DevSecOps.
Secrets are being used everywhere nowadays with the DevOps movement. API keys, database credentials, IAM permissions, SSH keys, certificates, etc. Many organizations have them hard coded in source code, littered throughout configuration files and configuration management tools, and stored in plaintext in version control.
There is a big need in the centralizations of secrets to improve the security posture and preventing secrets from leaking and compromizing the organization. Most of the time, services are sharing the same secrets that make identifying the source of compromise or leak very challenging.
Because technologies like Containers, Kubernetes, Cloud Native are in full swing, the need for guidance around proper secrets management is at hand. This session aims at starting a new OWASP Cheat Sheet around secrets management.
What
- Identify best practices for Secrets Management (containers, cloud (AWS, Azure, GCP), applications, etc)
- Provide guidance in how to do proper secrets management across different environments
- Agree what to include in an OWASP Cheat Sheet
Outcomes
This Working Session will publish:
- A set of best practices for DevSecOps engineers
- The start of an OWASP Cheat Sheet for secrets management
Who
- DevSecOps engineers
- Security professionals
- CISOs
- Developers
- Operators
References
Register as participant
To register as participant add Secrets Management
to either:
- the
sessions
metadata field from your participant's page (find your participant page and look for the edit link). - or the
participants
metadata field from this git session page
Back to list of all Working Sessions