
    Latest Posts

    Managing Secrets at Scale at Velocity EU

    Drew Wright

    UPDATE, 1/12/16: Our own Alex Schoof spoke at Velocity EU 2015 in Amsterdam on managing secrets at scale in the cloud. It was a highly rated talk that earned a write-up in InfoQ. Alex will be presenting this talk at tonight’s DevOps DC Meetup in Arlington, VA. You can view the slides from his talk on SlideShare and view his talk on Vimeo below:

    ORIGINAL POST: Modern systems are full of secrets. There are secrets we think about all the time, like private keys for SSL certificates or the password for the prod database, and there are secrets that we ignore or forget, like the secret used to generate HMACs for session cookies. All these secrets present management hurdles: They need to be safely and securely distributed to servers that need them. They must have some kind of...


    Using AWS KMS to manage secrets in your Infrastructure

    Drew Wright

    At Re:Invent 2014, AWS launched their new Key Management Service, or KMS. As its name implies, KMS is an AWS service that helps securely manage encryption keys in the cloud. Traditionally, keys have been managed in haphazard ways, from SCP-ing keys around your instances to baking them into machine images. The safe way to manage high-value keys has been to employ dedicated Hardware Security Modules (HSMs), either on-premise or with the AWS CloudHSM service. In either case, HSMs are expensive and hard to use. The new KMS service provides HSM-style key management that is both inexpensive and easy to use via a web service API. First, we'll look at what KMS is and how you can use it to manage encryption keys. Then, we'll look at credstash, a simple system that uses KMS and DynamoDB to...
