ChefConf

Secrets come in many forms: passwords, keys, and tokens. They’re all crucial to the operation of an application, but each is dangerous in its own way. In the past, many of us have pasted those secrets into a text file and moved on, but in a world of config automation and ephemeral microservices, these patterns are is much too risky. New tools, products, and libraries are being released all the time to try to cope with this massive rise in threats, both new and old-but-ignored. This talk will cover the major types of secrets in a normal web application, how to model their security properties, what tools are best for each situation, and how to use them with major web frameworks and other systems.