Secure Secret Management
on a Budget
Mary Racter
BSides Cape Town
2 December 2017
Reasoning about SM with Vault on DC/OS and
Open Source Tools
whois
Hello! I’m Mary. I’m a Security Engineer at Praekelt.org, a Non-Profit
Organisation that provides digital solutions to support quality of life worldwide.
Previously a penetration tester at MWR InfoSecurity.
medium/@racter
Purpose of this Talk
• An introduction to secret
management
• Introduction to some cybersecurity
tools and primitives for secret
management at scale
• Some learnings about how and how
not to handle secrets
Intro: What is a Secret?
A secret is some knowledge, or piece of data, that is
hidden from entities who are not entitled to know it.
Knowledge of a secret is commonly used to validate
an entity’s identity.
Examples of secrets in computing:
● Passwords
● RSA Private Keys
● Encryption Keys
● API Tokens
There are a lot of ways to infiltrate a software
system, but compromising secrets is one of the
most reliably low-tech methods, and one with a
good chance of success.
That’s why guessing passwords forms a part of
every hacker and pentester’s offensive arsenal.
Anatomy of a Secret (for hackers)
“A full 80% of data breaches are caused
by silly mistakes by those responsible for
managing secrets - It’s not that the
adversaries are so sophisticated.”
- Rashmi Jha, DigiCert Security Summit 2017
A Story of Secrets at
(medium) Scale:
The Harsh Tale of
Praekelt.org
Open-source software forms the backbone of
Praekelt.org’s software infrastructure.
We run our Python web applications as Docker
Containers on the open-source version of
Mesosphere’s DC/OS, a cluster-based container
orchestration platform.
We host our codebases on GitHub.
Our containers run webapps that need stateful
services like databases and message queues. How
do these webapps get access to the stateful
services?
Why, by authenticating against them with a
secret, of course.
At the moment, we create and configure stateful
services on persistent hosts using Puppet.
Any usernames and passwords required on
those services are described in the Puppet
config, which sits in GitHub.
We then…
Copypasta those credentials…
...into environment variables.
USERNAME='admin'
PASSWORD='admin'
By the way, the database
you need to connect to is
on 10.0.0.5
It’s called ‘postgres’
Your username is ‘admin’
and your password is
‘admin’
This is pretty risky.
RISKS OF PASSING SECRETS AS ENVIRONMENT VARIABLES
• If someone manages to break into your container’s environment, reading the environment variables to gain access to secrets is trivial.
• Environment variables are commonly exposed in application logs.
• Many webapp frameworks’ DEBUG mode will display environment variables by default.
• Credential leaks could happen if your process forks to interact with a third-party application with access to the child environment.
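The fork and DEBUG-dump risks above, shown concretely. This is an added example and not code from the talk or from Praekelt.org: the child program, the `SECRET_ENV` values (standing in for the admin:admin credentials copied out of Puppet) and the `scrub`/`redacted_dump` helpers are constructed for illustration. It spawns a real child process with an inherited environment, then with a scrubbed one, and shows what a debug page should print instead of raw variables.

```python
import os
import subprocess
import sys

# Constructed example values; nothing here is a real secret.
SECRET_ENV = {"DB_HOST": "10.0.0.5", "DB_USER": "admin", "DB_PASSWORD": "admin"}
SECRET_KEYS = frozenset({"DB_PASSWORD"})

# The "third-party application" the webapp forks: all it does is report what
# it can see in the environment it inherited.
CHILD_PROGRAM = "import os; print(os.environ.get('DB_PASSWORD', '<unset>'))"


def run_child(env):
    """Fork a child with the given environment and return what it printed."""
    result = subprocess.run(
        [sys.executable, "-c", CHILD_PROGRAM],
        env=env, capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


def leaky_spawn():
    """Naive pattern: the webapp's whole environment, secrets included, is inherited."""
    return run_child({**os.environ, **SECRET_ENV})


def scrub(env, secret_keys=SECRET_KEYS):
    """Return a copy of env with the secret-bearing variables removed."""
    return {k: v for k, v in env.items() if k not in secret_keys}


def hardened_spawn():
    """Same fork, but the child only receives a scrubbed environment."""
    return run_child(scrub({**os.environ, **SECRET_ENV}))


def redacted_dump(env=SECRET_ENV, secret_keys=SECRET_KEYS):
    """What a debug page or crash reporter should show if it must dump the environment."""
    return {k: ("<redacted>" if k in secret_keys else v) for k, v in env.items()}


if __name__ == "__main__":
    print("inherited env, child sees:", leaky_spawn())
    print("scrubbed env,  child sees:", hardened_spawn())
    print("debug dump:", redacted_dump())
```

Scrubbing before `exec` only helps for children you spawn yourself; anything that can read `/proc/<pid>/environ` of the parent, or a framework debug page that dumps `os.environ`, still sees the raw value, which is why the later slides move the secret out of the environment altogether.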
RISKS OF STORING SECRETS IN GITHUB (IN A PRIVATE REPO)
• Git is designed to preserve history. Unrevoked credentials in Git history are a point of exposure.
• If someone at GitHub *really* wanted our secrets, they could get them.
• It is quite possible to make a private repo public by accident.
• Easy to expose more secrets than needed to third-party contractors and interns.
• Easy for those with access to fork/clone secrets wholesale.
• Coarse access control - can control access to repositories, but one repository could contain secrets of varying sensitivities.
• You need to rotate and revoke credentials manually, which becomes more tedious the more stateful services you need to manage.
Importantly…
It does not allow for security best practice at scale.
Secret Management Tasks
• Create secrets
• Store secrets
• Distribute secrets
• Manage secret life cycles
We’re migrating
our secret
creation and
storage to
HashiCorp’s
Vault.
It is well-maintained, open-source, and designed with
high-availability and container orchestrators in mind
Vault is a Secret
Management
Solution
“Vault generates, secures, stores, and
controls access to tokens, passwords,
certificates, API keys, and other secrets.
It handles leasing, key revocation, key
rolling, and auditing.
Through a unified REST API, users can
access an encrypted Key/Value store and
network encryption-as-a-service, or
generate AWS IAM/STS credentials,
SQL/NoSQL databases, X.509 certificates,
SSH credentials, and more.”
Vault is only one piece of the puzzle. It can generate
and store secrets securely for you, but it does not
handle secure distribution.
Secret Management Tasks
• Create secrets ✓
• Store secrets ✓
• Distribute secrets
० Get the secret from Vault to the correct consumer
० Keep the secret safe from exfiltration during transit
० Scaling secret distribution with large number of consumers
• Manage secret life cycles
Security Management Primitive: Trust
• Trust between software actors refers to
waiving the frequency or rigour with which
authorisation routines are conducted for
privileged requests, if some preconditions
are satisfied
० Example preconditions: same network
trust zone (VPNs, internal networks),
valid session token
• Trust can be one-way or mutual
• Mutual trust + degree of interdependence
= coupling
$$$ Solutions
• Many enterprise container orchestration platforms have components
coupled with a secret store which inject secrets into containers at the
time of launch, in env or mounted volumes (eg. DC/OS EE,
Kubernetes/GCE)
• There are also open-source tools that leverage this paradigm as well
but require ecosystem buy-in (eg. EnvConsul)
What do you do if you don’t have control over your scheduler logic,
can’t afford an enterprise license of a product, and/or don’t want to
invest in a new orchestration ecosystem?
Naive Distribution Workflow: Container asks Vault for
Secrets After Launch
• If the container authenticates to Vault with a secret, how does that
secret get there in the first place?
• How does Vault confirm the identity and permissions of the client
container?
• Solving this by trusting all actors who can connect over a private
interface is too coarse-grained
The Secure Introduction
Problem
• If we can securely get the initial secret granting the
container access to Vault, then the container can
securely fetch all subsequent secrets.
• But how do we fetch this first secret?
General Solution: Using a
Secure Introduction Agent
Jeff Mitchell, Secure Introduction At Scale: Think Like A Vault Developer,
ContainerDays NYC 2016 Talk: https://www.youtube.com/watch?v=R-jJXm3QGLQ
A Secure Introduction Agent is closely coupled with
the cluster scheduler, and maintains a mapping of
container properties (such as app name) to Vault
policies.
To minimise the attack surface of the initial
secret, we use wrapped tokens.
Secret Distribution Primitive: Wrapped Tokens
• A single-use token whose sole purpose is to
encapsulate the true token value
• Once the true token value is extracted, the
wrapping token is useless
० Lowers risk of passing them as
environment variables
० Lowers risk of exposure through logs of
intermediary services
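The secure introduction agent (mapping scheduler-known tasks to Vault policies) and the wrapped-token hand-off, modelled together in one runnable example. This is added code, not the talk's, Vault's or vault-gatekeeper-mesos's: `WrappingStore`, `FakeScheduler`, `IntroductionAgent` and the task/app/policy names are constructed for illustration, and a real deployment would call Vault's API (response wrapping via the `X-Vault-Wrap-TTL` header and `sys/wrapping/unwrap`) instead of the in-memory store. The model keeps the three properties that matter: the agent trusts only the scheduler for identity, it issues at most one token per task, and the wrapping token is single-use and short-lived, so a failed unwrap is a signal, not a retry.

```python
import secrets
import time


class WrappingStore:
    """Models Vault response wrapping: a single-use, short-lived envelope around a real token."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._entries = {}  # wrapping token -> (wrapped payload, expiry time)

    def wrap(self, payload, ttl_seconds):
        wrapping_token = "wrap-" + secrets.token_urlsafe(24)
        self._entries[wrapping_token] = (payload, self._clock() + ttl_seconds)
        return wrapping_token

    def unwrap(self, wrapping_token):
        # pop() makes the attempt one-shot: whatever happens next, the token is spent.
        entry = self._entries.pop(wrapping_token, None)
        if entry is None:
            raise PermissionError("wrapping token unknown, already used, or expired")
        payload, expires_at = entry
        if self._clock() > expires_at:
            raise PermissionError("wrapping token expired")
        return payload


class FakeScheduler:
    """Stand-in for the cluster scheduler's view of which tasks run which app."""

    def __init__(self, running_tasks):
        self._tasks = dict(running_tasks)  # task id -> app name

    def app_for_task(self, task_id):
        return self._tasks.get(task_id)


class IntroductionAgent:
    """Trusts the scheduler for identity, maps app -> policies, issues one wrapped token per task."""

    def __init__(self, scheduler, store, policy_map, wrap_ttl=60):
        self._scheduler = scheduler
        self._store = store
        self._policy_map = policy_map
        self._wrap_ttl = wrap_ttl
        self._issued_for = set()

    def request_token(self, task_id):
        app = self._scheduler.app_for_task(task_id)
        if app is None:
            raise PermissionError(f"task {task_id!r} is not a running task")
        if task_id in self._issued_for:
            raise PermissionError(f"a token was already issued for task {task_id!r}")
        policies = self._policy_map.get(app)
        if policies is None:
            raise PermissionError(f"no Vault policy mapped for app {app!r}")
        self._issued_for.add(task_id)
        # Hypothetical token shape; real Vault tokens carry more metadata.
        true_token = {"client_token": "s." + secrets.token_hex(12), "policies": list(policies)}
        return self._store.wrap(true_token, self._wrap_ttl)


def container_bootstrap(agent, store, task_id):
    """What the helper process in a freshly launched container does with its task id."""
    wrapping_token = agent.request_token(task_id)
    try:
        return store.unwrap(wrapping_token)
    except PermissionError as exc:
        # A failed unwrap means the envelope was opened by someone else, or the
        # launch took longer than the wrap TTL; either way, alert rather than retry.
        raise RuntimeError(f"secure introduction failed for {task_id!r}: {exc}") from exc
```

The wrapping token can still pass through the scheduler's environment or logs, but whoever reads it afterwards finds it already consumed, and the legitimate consumer's unwrap failure tells you that happened.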
Excellent...But…
admin:admin? Again? For all clients connecting to
that resource?
Let’s try to kill this bird (and another one) next.
Secret Management Tasks
• Create secrets ✓
• Store secrets ✓
• Distribute secrets ✓
• Manage secret life cycles
० Revoke secrets from entities no longer requiring them
० Revoke compromised secrets and issuing new ones (key-rolling)
० Destroy invalid secrets
० Prevent re-use of secret value
Goals of Secret Lifecycle Management
● Reduce validity period of secret to narrow its temporal attack surface
● Reduce algorithmic attack surface by not exposing expired credentials with
the same generation method
● Reduce usefulness of compromised credentials to malicious parties
● Automating this at scale
What Does Automated Lifecycle Management Look Like?
A couple of primitives and some glue ;)
Vault Secret Management Primitive: Dynamic Secrets
• Dynamic secrets are lazily generated when they are needed from one
“master” secret
• Prevents hard-coding of secrets
• Prevents secret re-use by automating new secret generation
• Supports automated renewal and rotation of secrets
• Scales well for unique passwords in 1:∞ resource:client scenarios
Dynamic Secrets Example: Postgres
● The secret management service holds a master secret (username +
password) to a Postgres database
० This master secret is authorised to create new roles
● When a consumer needs access to that database, it requests a new set of
dynamic secrets from Vault
● Vault authenticates to the Postgres database with the master secrets, then
runs queries to create the dynamic secret
● Vault wraps the new secret with some metadata and returns it to the
consumer
Vault Secret Management Primitive: Leases
● Leases are metadata for issued secrets that describe their validity
० Every dynamic secret and auth token issued by Vault has a lease ID
० A lease contains info on the validity period (Time to Live) of a secret,
renewability, etc.
● Leases allow the validity period of secrets to be extended or for secrets to be
revoked by referencing the lease ID
● Leases with a short TTL force consumers to check in with Vault
continuously to keep the secrets from expiring
● Dynamic secrets that are no longer used are revoked automatically with the
lease expiry mechanism
Putting it Together
● At container launch, a helper process in
the container fetches the required secrets
(to a file or to the environment)
● The helper process also makes calls to
Vault to renew the leases on those secrets
● As long as the container is alive, the
secrets remain valid
● If the container dies for any reason, the
helper process stops renewing leases and
lets those secrets expire
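Dynamic secrets, leases and the renew-while-alive helper from the last three sections, as one runnable model. This is an added example, not the talk's code and not Vault's implementation: `FakePostgres`, `FakeClock`, `DynamicSecretIssuer` and `run_container` are constructed stand-ins, and the `CREATE ROLE ... VALID UNTIL` / `DROP ROLE` templates follow the style of the Vault PostgreSQL database backend's statements rather than being copied from it. Against a real Vault the equivalents are `vault read database/creds/<role>`, `vault lease renew <lease_id>` and `vault lease revoke <lease_id>`. The model shows the three lifecycle properties the slides describe: every consumer gets a unique role, renewals are capped at the max TTL measured from issue time, and once the helper stops renewing the expiry sweep drops the role from the database.

```python
import re
import secrets
import string
from dataclasses import dataclass
from datetime import datetime, timezone

# Statements in the style of Vault's PostgreSQL database backend; {{name}},
# {{password}} and {{expiration}} are filled in per issued credential.
CREATE_SQL = ('CREATE ROLE "{{name}}" WITH LOGIN PASSWORD \'{{password}}\' '
              'VALID UNTIL \'{{expiration}}\'; '
              'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "{{name}}";')
REVOKE_SQL = 'DROP ROLE IF EXISTS "{{name}}";'


def render(template, **fields):
    for key, value in fields.items():
        template = template.replace("{{" + key + "}}", str(value))
    return template


class FakeClock:
    """Injectable clock so expiry can be driven deterministically."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds


class FakePostgres:
    """Stand-in for the database reached with the master credential: tracks live roles."""
    def __init__(self):
        self.roles = set()
        self.executed = []
    def execute(self, sql):
        self.executed.append(sql)
        for name in re.findall(r'CREATE ROLE "([^"]+)"', sql):
            self.roles.add(name)
        for name in re.findall(r'DROP ROLE IF EXISTS "([^"]+)"', sql):
            self.roles.discard(name)


@dataclass
class Lease:
    lease_id: str
    role_name: str
    expires_at: float
    max_expiry: float   # issue time + max TTL: renewals never extend past this
    renewable: bool = True


class DynamicSecretIssuer:
    """Creates a unique database role per consumer and ties it to a lease."""
    def __init__(self, db, clock, default_ttl=3600, max_ttl=86400):
        self.db, self.clock = db, clock
        self.default_ttl, self.max_ttl = default_ttl, max_ttl
        self.leases = {}

    def issue(self, consumer):
        now = self.clock()
        name = f"v-{consumer}-{secrets.token_hex(4)}"
        alphabet = string.ascii_letters + string.digits
        password = "".join(secrets.choice(alphabet) for _ in range(32))
        expires_at = now + self.default_ttl
        expiration = datetime.fromtimestamp(expires_at, tz=timezone.utc).isoformat()
        self.db.execute(render(CREATE_SQL, name=name, password=password, expiration=expiration))
        lease = Lease(f"database/creds/{consumer}/{secrets.token_hex(8)}", name,
                      expires_at, now + self.max_ttl)
        self.leases[lease.lease_id] = lease
        return {"lease_id": lease.lease_id, "lease_duration": self.default_ttl,
                "renewable": True, "data": {"username": name, "password": password}}

    def renew(self, lease_id, increment=None):
        """Extend the lease; returns the seconds remaining after the (capped) renewal."""
        now = self.clock()
        lease = self.leases.get(lease_id)
        if lease is None or not lease.renewable or lease.expires_at <= now:
            raise LookupError("lease is invalid, non-renewable, or already expired")
        lease.expires_at = min(now + (increment or self.default_ttl), lease.max_expiry)
        return lease.expires_at - now

    def revoke(self, lease_id):
        lease = self.leases.pop(lease_id)
        self.db.execute(render(REVOKE_SQL, name=lease.role_name))

    def expire(self):
        """Background sweep: revoke every lease whose TTL has run out."""
        now = self.clock()
        for lease_id in [lid for lid, l in self.leases.items() if l.expires_at <= now]:
            self.revoke(lease_id)


def run_container(issuer, clock, lifetime, renew_every):
    """Helper-process loop: fetch creds at launch, renew while alive, then just stop."""
    creds = issuer.issue("webapp")
    elapsed = 0
    while elapsed < lifetime:
        clock.advance(renew_every)
        elapsed += renew_every
        issuer.renew(creds["lease_id"])
        issuer.expire()
    return creds   # the container "dies" here: nobody renews this lease again
```

Two details worth keeping when you do this for real: the helper must renew well inside the TTL (a renew interval of half the TTL leaves one missed call of slack), and the max TTL cap means a long-lived container eventually has to fetch a fresh credential rather than renewing forever, so the application needs to cope with its database password changing underneath it.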
In conclusion
● Secret management in medium-scale, open-source systems is still relatively
unexplored
● In a pinch, you can use your scheduler as an identity server for clients that
consume secrets
● Moving beyond storing secrets in cloud repositories is possible without paying
fiat currency
● Most secret management solutions for container orchestration platforms
exploit trust and couplings to distribute secrets - see if you can spot where it
happens!
Open Source Tools
• HashiCorp Vault - https://www.vaultproject.io
• Vault-Gatekeeper-Mesos -
https://github.com/ChannelMeter/vault-gatekeeper-mesos
• Vaultkeeper - https://github.com/praekeltfoundation/vaultkeeper
• EnvConsul - https://github.com/hashicorp/envconsul
Thank you!
Questions?
Feel free to drop me mail about Praekelt or
secret management at mary@praekelt.org
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 

Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault and Open Source Tools

  • 13. At the moment, we create and configure stateful services on persistent hosts using Puppet. Any usernames and passwords required on those services are described in the Puppet config, which sits in GitHub.
  • 14. We then… Copypasta those credentials… ...into environment variables: USERNAME=’admin’ PASSWORD=’admin’. “By the way, the database you need to connect to is on 10.0.0.5. It’s called ‘postgres’. Your username is ‘admin’ and your password is ‘admin’.”
  • 15. This is pretty risky.
  • 16. RISKS OF PASSING SECRETS AS ENVIRONMENT VARIABLES
    • If someone manages to break into your container’s environment, reading the environment variables to gain access to secrets is trivial.
    • Environment variables are commonly exposed in application logs.
    • Many webapp frameworks’ DEBUG mode will display environment variables by default.
    • Credential leaks could happen if your process forks to interact with a third-party application with access to the child environment.
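The fork leak in the last bullet, shown as an added example that is not code from the talk: a Python parent holding the slide-14 style credentials in its environment spawns a child process, first inheriting the whole environment and then with the secrets scrubbed. The variable names and values are constructed.

```python
import json
import os
import subprocess
import sys

# Constructed example: variable names a webapp configured the slide-14 way
# would hold; any of them reaching a child process is a credential leak.
SECRET_VARS = ("PASSWORD", "DATABASE_URL", "SECRET_KEY")


def child_environment(env: dict) -> dict:
    """Spawn a child and return the environment it can read.

    The child is a tiny Python one-liner that dumps its own environment; it
    stands in for any third-party tool the webapp forks to.
    """
    result = subprocess.run(
        [sys.executable, "-c",
         "import json, os; print(json.dumps(dict(os.environ)))"],
        env=env, capture_output=True, text=True, check=True,
    )
    return json.loads(result.stdout)


def scrubbed(env: dict, secret_names=SECRET_VARS) -> dict:
    """Copy of the environment with the secret variables removed.

    Passing this as env= to subprocess is the mitigation: the child still
    gets PATH and friends but never sees the credentials.
    """
    return {k: v for k, v in env.items() if k not in secret_names}


def leaked(env: dict, secret_names=SECRET_VARS) -> list:
    """Names of secret variables present in an environment, sorted."""
    return sorted(k for k in secret_names if k in env)


def demo() -> tuple:
    """Return (secrets a child sees naively, secrets it sees after scrubbing)."""
    # Start from the real environment minus any secret names so the result is
    # deterministic, then add the constructed slide-14 credentials.
    parent = scrubbed(dict(os.environ))
    parent["PASSWORD"] = "admin"
    parent["DATABASE_URL"] = "postgres://admin:admin@10.0.0.5/postgres"
    naive = child_environment(parent)            # whole environment inherited
    safe = child_environment(scrubbed(parent))   # secrets withheld from child
    return leaked(naive), leaked(safe)


if __name__ == "__main__":
    print(demo())   # (['DATABASE_URL', 'PASSWORD'], [])
```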
  • 17. RISKS OF STORING SECRETS IN GITHUB (IN A PRIVATE REPO)
    • Git is designed to preserve history. Unrevoked credentials in Git history are a point of exposure.
    • If someone at GitHub *really* wanted our secrets, they could get them.
    • It is quite possible to make a private repo public by accident.
    • Easy to expose more secrets than needed to third-party contractors and interns.
  • 18. RISKS OF STORING SECRETS IN GITHUB (IN A PRIVATE REPO)
    • Easy for those with access to fork/clone secrets wholesale.
    • Coarse access control: you can control access to repositories, but one repository could contain secrets of varying sensitivities.
    • You need to rotate and revoke credentials manually, which becomes more tedious the more stateful services you need to manage.
    Importantly… it does not allow for security best practice at scale.
  • 21. Secret Management Tasks
    • Create secrets
    • Store secrets
    • Distribute secrets
    • Manage secret life cycles
  • 22. We’re migrating our secret creation and storage to HashiCorp’s Vault.
  • 23. Vault is a Secret Management Solution. It is well-maintained, open-source, and designed with high availability and container orchestrators in mind.
  • 24. “Vault generates, secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets. It handles leasing, key revocation, key rolling, and auditing. Through a unified REST API, users can access an encrypted Key/Value store and network encryption-as-a-service, or generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and more.”
  • 25. Vault is only one piece of the puzzle. It can generate and store secrets securely for you, but it does not handle secure distribution.
  • 26. Secret Management Tasks
    • Create secrets ✓
    • Store secrets ✓
    • Distribute secrets
      ◦ Get the secret from Vault to the correct consumer
      ◦ Keep the secret safe from exfiltration during transit
      ◦ Scale secret distribution to a large number of consumers
    • Manage secret life cycles
  • 27. Security Management Primitive: Trust
    • Trust between software actors refers to waiving the frequency or rigour with which authorisation routines are conducted for privileged requests, if some preconditions are satisfied
      ◦ Example preconditions: same network trust zone (VPNs, internal networks), valid session token
    • Trust can be one-way or mutual
    • Mutual trust + degree of interdependence = coupling
  • 28. $$$ Solutions
    • Many enterprise container orchestration platforms have components coupled with a secret store which inject secrets into containers at the time of launch, in env or mounted volumes (eg. DC/OS EE, Kubernetes/GCE)
    • There are also open-source tools that leverage this paradigm, but they require ecosystem buy-in (eg. EnvConsul)
    What do you do if you don’t have control over your scheduler logic, can’t afford an enterprise license of a product, and/or don’t want to invest in a new orchestration ecosystem?
  • 29. Naive Distribution Workflow: Container asks Vault for Secrets After Launch
    • If the container authenticates to Vault with a secret, how does that secret get there in the first place?
    • How does Vault confirm the identity and permissions of the client container?
    • Solving this by trusting all actors who can connect over a private interface is too coarse-grained
  • 31. THE SECURE INTRODUCTION PROBLEM
    • If we can securely get the initial secret granting the container access to Vault, then the container can securely fetch all subsequent secrets.
    • But how do we fetch this first secret?
  • 32. General Solution: Using a Secure Introduction Agent. See Jeff Mitchell, Secure Introduction At Scale: Think Like A Vault Developer, ContainerDays NYC 2016. Talk: https://www.youtube.com/watch?v=R-jJXm3QGLQ
  • 33. A Secure Introduction Agent is closely coupled with the cluster scheduler, and maintains a mapping of container properties (such as app name) to Vault policies. To minimise the attack surface of the initial secret, we use wrapped tokens.
  • 34. Secret Distribution Primitive: Wrapped Tokens
    • A single-use token whose sole purpose is to encapsulate the true token value
    • Once the true token value is extracted, the wrapping token is useless
      ◦ Lowers risk of passing them as environment variables
      ◦ Lowers risk of exposure through logs of intermediary services
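The wrapped-token exchange of slides 33 and 34, as an added example that is not code from the talk or from Vault: a toy in-memory vault issues single-use wrappers, and a stand-in introduction agent maps an app name to a policy and hands the container only the wrapper. ToyVault, IntroductionAgent, the policy names and the token formats are constructed for illustration.

```python
import secrets
import time

# Constructed in-memory stand-in for Vault's token store and response
# wrapping (slides 33-34). Not Vault's real API; token formats are made up.
class ToyVault:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.tokens = {}      # real client token -> attached policy
        self.wrappers = {}    # wrapping token -> (real token, expiry)

    def create_token(self, policy: str) -> str:
        token = "s." + secrets.token_hex(12)
        self.tokens[token] = policy
        return token

    def wrap(self, real_token: str, ttl_seconds: float) -> str:
        """Issue a short-lived, single-use wrapper around real_token."""
        wrapper = "w." + secrets.token_hex(12)
        self.wrappers[wrapper] = (real_token, self.clock() + ttl_seconds)
        return wrapper

    def unwrap(self, wrapper: str) -> str:
        """Exchange the wrapper for the real token, exactly once."""
        entry = self.wrappers.pop(wrapper, None)   # pop: wrapper is now spent
        if entry is None:
            raise PermissionError("wrapping token unknown or already used")
        real_token, expiry = entry
        if self.clock() > expiry:
            raise PermissionError("wrapping token expired")
        return real_token


class IntroductionAgent:
    """Maps a scheduler-visible container property (the app name) to a Vault
    policy and hands the container a wrapped token, never the real one."""
    def __init__(self, vault: ToyVault, app_policies: dict, ttl=30.0):
        self.vault, self.app_policies, self.ttl = vault, app_policies, ttl

    def introduce(self, app_name: str) -> str:
        policy = self.app_policies[app_name]       # KeyError for unknown apps
        return self.vault.wrap(self.vault.create_token(policy), self.ttl)


def demo(app_name="billing-api") -> dict:
    """Introduce one container and check the wrapper cannot be replayed."""
    vault = ToyVault()
    agent = IntroductionAgent(vault, {"billing-api": "billing-db-read"})
    wrapped = agent.introduce(app_name)    # what lands in the container's env
    real = vault.unwrap(wrapped)           # container unwraps at start-up
    try:                                   # a logged copy is worthless now
        vault.unwrap(wrapped)
        replayable = True
    except PermissionError:
        replayable = False
    # If a container's own first unwrap fails, it should treat the wrapper as
    # intercepted and alert instead of starting up.
    return {"policy": vault.tokens[real], "replayable": replayable}
```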
  • 47. Excellent... But… admin:admin? Again? For all clients connecting to that resource? Let’s try to kill this bird (and another one) next.
  • 48. Secret Management Tasks
    • Create secrets ✓
    • Store secrets ✓
    • Distribute secrets ✓
    • Manage secret life cycles
      ◦ Revoke secrets from entities no longer requiring them
      ◦ Revoke compromised secrets and issue new ones (key-rolling)
      ◦ Destroy invalid secrets
      ◦ Prevent re-use of secret values
  • 49. Goals of Secret Lifecycle Management
    • Reduce the validity period of a secret to narrow its temporal attack surface
    • Reduce algorithmic attack surface by not exposing expired credentials with the same generation method
    • Reduce the usefulness of compromised credentials to malicious parties
    • Automate this at scale
  • 50. What Does Automated Lifecycle Management Look Like? A couple of primitives and some glue ;)
  • 51. Vault Secret Management Primitive: Dynamic Secrets
    • Dynamic secrets are lazily generated when they are needed from one “master” secret
    • Prevents hard-coding of secrets
    • Prevents secret re-use by automating new secret generation
    • Supports automated renewal and rotation of secrets
    • Scales well for unique passwords in 1:∞ resource:client scenarios
  • 52. Dynamic Secrets Example: Postgres
    • The secret management service holds a master secret (username + password) to a Postgres database
      ◦ This master secret is authorised to create new roles
    • When a consumer needs access to that database, it requests a new set of dynamic secrets from Vault
    • Vault authenticates to the Postgres database with the master secret, then runs queries to create the dynamic secret
    • Vault wraps the new secret with some metadata and returns it to the consumer
  • 53. Vault Secret Management Primitive: Leases
    • Leases are metadata for issued secrets that describe their validity
      ◦ Every dynamic secret and auth token issued by Vault has a lease ID
      ◦ A lease contains info on the validity period (Time to Live) of a secret, renewability, etc.
    • Leases allow the validity period of secrets to be extended, or secrets to be revoked, by referencing the lease ID
    • Leases with a short TTL force consumers to check in with Vault continuously to keep the secrets from expiring
    • Dynamic secrets that are no longer used are revoked automatically by the lease expiry mechanism
  • 54. Putting it Together
    • At container launch, a helper process in the container fetches the required secrets (to a file or to the environment)
    • The helper process also makes calls to Vault to renew the leases on those secrets
    • As long as the container is alive, the secrets remain valid
    • If the container dies for any reason, the helper process stops renewing leases and lets those secrets expire
  • 55. In conclusion
    • Secret management in medium-scale, open-source systems is still relatively unexplored
    • In a pinch, you can use your scheduler as an identity server for clients that consume secrets
    • Moving beyond storing secrets in cloud repositories is possible without paying fiat currency
    • Most secret management solutions for container orchestration platforms exploit trust and couplings to distribute secrets - see if you can spot where it happens!
  • 56. Open Source Tools
    • HashiCorp Vault - https://www.vaultproject.io
    • Vault-Gatekeeper-Mesos - https://github.com/ChannelMeter/vault-gatekeeper-mesos
    • Vaultkeeper - https://github.com/praekeltfoundation/vaultkeeper
    • EnvConsul - https://github.com/hashicorp/envconsul
  • 57. Thank you! Questions? Feel free to drop me mail about Praekelt or secret management at mary@praekelt.org