Aaron Bassett is a recovering senior software engineer turned Principal Developer Relations Engineer. He is a developer, public speaker, writer, and mentor; he spends most of his time making cool stuff and helping other people make unbelievably cool stuff 🔥🦄✨🚀
The median time to discovery for a secret key leaked to GitHub is 20 seconds. By the time you realise your mistake and rotate your secrets, it could be too late. In this talk, we’ll look at some techniques for secret management which won’t disrupt your workflow, while keeping your services safe.
We’ve all been guilty of hard-coding secrets at some point. It’s just a quick hack, and you’ll definitely go back and tidy it up later. But then you forget, and it’s all too easy to git push your API keys to GitHub.
This easy to make mistake could end up costing you thousands of dollars, and with the median time to discovery for a secret key leaked to GitHub being 20 seconds you could end up compromised before you have a chance to correct your error.
In this talk, we’ll look at techniques that you can use personally and within your development teams to properly store, share, and manage your secrets, as easily as possible, and most importantly without disrupting your workflow.