Secret Management: The Soft Way

Secrets. Security best-practices mandate that they stay away from the code—or else! And that’s what we did for a long time.

But as CI/CD practices evolved, for a myriad of reasons, we now want to ship the code, the environment, and the secrets, all in one lump. So we can’t hide the secrets anymore… unless?

Tools like HashiCorp Vault attempt to address this by managing secrets outside the delivery chain. Great! But you can’t use those inside local dev environments, so… When that’s exactly what you need to do, then what?

In this talk, Lian will show the audience how to manage secrets the GitOps way, so you can maintain security best-practices while also being able to use them in your local environment for development. Sound like magic? That’s because it is!

After this talk, the audience will be able to understand secret management solutions that work seamlessly in a variety of environments.

Slides