Can you keep a secret?
|Countdown link||Open timer|
The median time to discovery for a secret key leaked to GitHub is 20 seconds. By the time you realise your mistake and rotate your secrets, it could be too late. In this talk, we'll look at some techniques for secret management which won't disrupt your workflow, while keeping your services safe.
We've all been guilty of hard-coding secrets at some point. It's just a quick hack, and you'll definitely go back and tidy it up later. But then you forget, and it's all too easy to
git push your API keys to GitHub.
This easy to make mistake could end up costing you thousands of dollars, and with the median time to discovery for a secret key leaked to GitHub being 20 seconds you could end up compromised before you have a chance to correct your error.
In this talk, we'll look at techniques that you can use personally and within your development teams to properly store, share, and manage your secrets, as easily as possible, and most importantly without disrupting your workflow.
Aaron Bassett has lived in Ireland, Scotland, Hungary, The Netherlands, and America. He is a recovering Senior Software Engineer turned award-winning Developer Advocate. As a developer, public speaker, writer, and mentor; he spends most of his time making cool stuff and helping other people make unbelievably cool stuff 🔥🦄✨🚀
Aaron has been working online since 2005 and has always enjoyed sharing what he learned by organising and speaking at local meetups. He spoke at his first conference in 2013, and since then he's spoken at conferences on a range of topics all over the world. He has a passion for mentoring and has been involved with Social Innovation Camp UK, Social Innovation Camp Kosovo, Startup Weekend, Open Glasgow, DjangoGirls and global diversity CFP day.