Long Live Short Lived Credentials - Auto-rotating Secrets At Scale

Track: Security

Abstract
By now, you are very likely aware of the problem of secrets sprawl. Millions of hardcoded plaintext credentials keep showing up online in easy-to-scan places year after year. Worse yet, adversaries have gotten very good at exfiltrating and validating these secrets. Rotating the key or password after an attack is far too late.

What if every credential that an adversary could find expired before they could exploit it? What if keys, just a few hours old, no longer worked?

Let's embrace a future of proper secrets management and auto-rotating secrets. It might seem overwhelming at first to consider accomplishing this, especially if you have never tackled secrets management before, but for many systems, this is easier to achieve than you might realize.

In this session, you will:
- Get an update on the state of secrets sprawl
- Diagram auto-rotation architectures
- Plan a secrets audit and code refactor strategy
- Start the email that will help you convince the team

Dwayne McDaniel
Dwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.