Can Your CI/CD Pipeline Keep a Secret?
May 15, 2020
Cloud security is about zero trust and hiding API keys, credentials, and other sensitive secrets in your application code. Learn how your CI/CD pipeline may be leaking them.
Speaker: Abubakar Siddiq
It's hard to keep secrets, and harder to ensure they stay safe. There are countless horror stories of data breaches due to exposed secrets or disgruntled employees with unrestricted access to secrets causing harm.
With CI/CD becoming the default practice for software delivery, secrets are usually stored as environment variables. These are difficult to manage especially in a large organization with multiple projects across several teams. Encryption, secure storage, and frequent rotation of secrets are the panaceas but only a few tools are available to provide it.
HashiCorp’s Vault is one of them, enabling encrypted, secure, and access-controlled secrets management.
What You'll Learn
In this talk, I will be sharing common ways secrets are exposed in CI/CD pipelines and how Vault can be used to securely use secrets in CI jobs.
At the end of the session, viewers will learn about vulnerabilities in secrets management, why they need to use secrets management tools i.e. Vault, and they will see a demo of how they can secure their secrets in a CI tool like GitLab CI.
You can find the slides from HashiTalks: Africa presentations in this HashiCorp Community Forum page.