Keeping Secrets Secret

By Olly Ewert

Elevator Pitch

Every team can improve their secrets management, but where do we start? I’ll discuss the goals of good secrets management and share the tools and approaches that will help teams improve their secrets management regardless of maturity.

Description

Having worked with a range of teams and organisations, from serverless startups to big banks to scientific organisations, I know there’s no one-size-fits-all approach to secrets management. I also know there are so many codebases out there with API keys hard-coded into them (I know, I’ve found my fair share!).

In this talk I lay out the fundamentals of good secrets management, identity and access management, and the building blocks for workload identity. I’ll introduce some open-source tools and resources that will help teams improve their secrets management with minimal time and effort. I’ll answer the question of how you move from committing keys to source control to modern secrets management (e.g. HashiCorp Vault) in small, meaningful, approachable steps.