Why Managing Secrets is so important ...
Everyone who works in IT these days is concerned with security. It's hard to go a day without reading about some sort of data leak or DDOS attack in the news affecting thousands if not millions of users. Having a solid defense-in-depth and risk management plan is key to protecting your organization's digital assets. In the past this has been the responsibility of executive management and security professionals, however these days in our brave new cloud computing world, everyone who works in and with the cloud has a far greater direct impact on releasing services that we are all responsible for taking a security-first approach.
Managing secrets is an integral part of protecting your organization and any digital assets, including on-premise and cloud native applications.
So what is Secrets Management?
First let's ask what may seem like an obvious question: What is a secret? A secret is really anything that you consider sensitive enough to protect from prying eyes, bad actors, or even incompetent ones. A more technical definition of a secret might be any credential, password, tokens, keys, or certificates used to protect data or access services used by an application or even a human.
So secrets management, then, is responsible for the governance of these secrets. Governance is a process that defines how secrets are created, protected, rotated, distributed, revoked, and destroyed. The governance process may also cover who can access what secrets and when.
While process is great on paper, at the end of the day you need tools to make the secrets management process real. Enter one fantastic tool: Hashicorp's Vault.
This course will teach you how to use Hashicorp Vault.
I have put together this easy to follow course on how to get anyone up to speed on using Hashicorp Vault as quickly as possible. You don't need to be a security professional or understand all the details behind encryption algorithms to learn Vault.
Vault is not just another password vault by the way. In this course you will learn the following:
1. Securely deploy Vault into Development and Production environments
2. Manage static secrets such as passwords
3. Generate and management dynamic secrets such as AWS access tokens or database credentials
4. How to bootstrap infrastructure and services without a human
... and many others ...
Chris Parent has been spent the last 20 years building, solutioning, architecting, and delivering enterprise-grade solutions for the US federal government and various industry verticals, including utilities, construction, and health sciences. His current areas of focus include helping traditional companies shift their on-premise products to run securely on cloud native IaaS and PaaS platforms such as Oracle Cloud and Amazon.
Chris received his B.S. in Computer Science from Rensselaer and a M.S. in Software Engineering from Penn State University. Chris currently resides with his wife, two daughters, and a Pomeranian outside of Denver, Colorado.