The Python Podcast.__init__

Managing Application Secrets with Brian Kelly



Summary

Any application that communicates with other systems or services will at some point require a credential or sensitive piece of information to operate properly. The question then becomes how best to securely store, transmit, and use that information. The world of software secrets management is vast and complicated, so in this episode Brian Kelly, engineering manager at Conjur, aims to help you make sense of it. He explains the main factors for protecting sensitive information in your software development and deployment, ways that information might be leaked, and how to get the whole team on the same page.

Preface
  • Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.
  • When you’re ready to launch your next app you’ll need somewhere to deploy it, so check out Linode. With private networking, shared block storage, node balancers, and a 40Gbit network, all controlled by a brand new API you’ve got everything you need to scale up. Go to podcastinit.com/linode to get a $20 credit and launch a new server in under a minute.
  • Visit the site to subscribe to the show, sign up for the newsletter, and read the show notes. And if you have any questions, comments, or suggestions I would love to hear them. You can reach me on Twitter at @Podcast__init__ or email [email protected]
  • To help other people find the show please leave a review on iTunes, or Google Play Music, tell your friends and co-workers, and share it on social media.
  • Join the community in the new Zulip chat workspace at podcastinit.com/chat
  • Your host as usual is Tobias Macey and today I’m interviewing Brian Kelly about how to store, deploy, and use sensitive information in your applications
Interview
  • Introductions
  • How did you get introduced to Python?
  • To begin with, how do you define a secret in the context of an application?
  • What are the broad categories for solutions to secrets management?
  • What are the different aspects of secrets management in the lifecycle of developing, deploying, and maintaining an application?
  • How does the scale of a project or organization impact the strategies that are reasonable for secrets management?
  • What are some of the most challenging aspects of secrets management at the different stages of usage?
    • What are some of the common reasons that secrets management strategies fail?
    • What are some of the vulnerabilities or attack vectors that development teams should be thinking about when working with credentials?
  • What are your thoughts on versioning of secrets?
  • Beyond storing and deploying sensitive information, what are some of the secondary concerns around secrets management that development teams should be thinking about?
  • How does the use of multiple environments (e.g. dev, QA, production, etc.) affect the strategies used for secrets management?
  • What are some of the most useful resources that you have found for anyone looking to learn more about this subject?

Keep In Touch
  • @brikelly on Twitter
  • Blog
  • brikelly on GitHub

Picks
  • Tobias
    • The Inheritance Cycle
  • Brian
    • Donegal Ireland

Links
  • Conjur
  • CyberArk
  • Datawire
  • Transpiler
  • IDL
  • CSRF (Cross-Site Request Forgery)
  • Hashicorp Vault
  • Continuous Integration
  • Continuous Delivery
  • TLS (Transport Layer Security)
  • RBAC (Role Based Access Control)
  • Terraform
  • SQL Injection
  • Secretless
  • MFA
  • Duo Security
  • Kubernetes
  • Summon
  • OWASP Top 10
  • Configuration Management
  • Puppet
  • Chef
  • Ansible
  • SaltStack
  • Immutable Infrastructure
  • Conjur Blog
  • Krebs On Security

The intro and outro music is from Requiem for a Fish by The Freak Fandango Orchestra / CC BY-SA
The Python Podcast.__init__ by Tobias Macey