Presentation

So My Credentials Have Been Leaked...Now What?

Published 6:00 AM UTC Dec 31, 2022

While we can hope our passwords, API Keys, and certificates are secure and private, hope is not a strategy. Sometimes our credentials become published in a log, source code, or some other source a malicious actor can access. In the best-case scenario, you find out immediately and can work to fix the issue without impacting any other systems or teams. In the more likely worst-case scenario, you have to go through some painful conversations and take significant time away from pushing customer delighting code to deal with a pretty scary circumstance. What makes credential leakage such a terrifying topic is, at least in part, the paralysis of not knowing what to do, or where to start the conversation. In mature organizations, security teams might have protocols and email addresses in place to escalate these situations. In many organizations, you might be starting from scratch. This session will look at how to deal with credential leaks from detection through closing the final related ticket the incident generated. We will look at topics such as validation of secrets, scoping impact, assembling the right players, to how to offload tribal knowledge with tools like notebooks and playbooks. We will also take a look at how to prevent future leaks with some open source tools and non-intrusive workflow adjustments.

While we can hope our passwords, API Keys, and certificates are secure and private, hope is not a strategy. Sometimes our credentials become published in a log, source code, or some other source a malicious actor can access. In the best-case scenario, you find out immediately and can work to fix the issue without impacting any other systems or teams. In the more likely worst-case scenario, you have to go through some painful conversations and take significant time away from pushing customer delighting code to deal with a pretty scary circumstance.

What makes credential leakage such a terrifying topic is, at least in part, the paralysis of not knowing what to do, or where to start the conversation. In mature organizations, security teams might have protocols and email addresses in place to escalate these situations. In many organizations, you might be starting from scratch.

This session will look at how to deal with credential leaks from detection through closing the final related ticket the incident generated. We will look at topics such as validation of secrets, scoping impact, assembling the right players, to how to offload tribal knowledge with tools like notebooks and playbooks. We will also take a look at how to prevent future leaks with some open source tools and non-intrusive workflow adjustments.

More resources like this one

  • 4/11/2024
  • FAQ

Introduction to HashiCorp Vault

Vault identity diagram
  • 12/28/2023
  • FAQ

Why should we use identity-based or "identity-first" security as we adopt cloud infrastructure?

  • 3/14/2023
  • Article

5 best practices for secrets management

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

View all resources