Learn how to manage sensitive information hosted in both cloud-native and traditional server environments
Secrets are an integral aspect of Cloud-Native Application Environments. Secrets like passwords, API Keys,
Encryption Keys, secure configuration parameters are critical for applications to function. In addition, secrets
are a pathway to sensitive information, including PII, ePHI, Financial Information and so forth. With the rise of
Cloud-Native Deployment Environments like Public Cloud IaaS, Serverless Deployments, Containerized
Deployments with Kubernetes and so on, secrets end up being largely the opposite of what they are meant to
be. Secret sprawl, hardcoded secrets, secrets in source code repos are some common issues that are seen
The aim of this program is to delve deep into managing secrets and sensitive information across various
technologies that are popular with Cloud Native environments.
Secrets of Secrets Management is a training that delves deep into managing secrets and sensitive information across various technologies that are popular with Cloud Native environments. We will look at some common security mistakes and antipatterns and explore the various tools, techniques and approaches to securing secrets and sensitive information in cloud-native enviroments like AWS, Kubernetes and traditional server environments. This program will also do a deep-dive into GitOps and secrets management, including Dynamic Secrets in DevOps pipelines and CI/CD Environments.
Hashicorp Vault has emerged as one of the most popular and versatile Secrets Management Tools out there. V ault is a leading Open-Source Secrets and Key Management product that comes with a plethora of capabilities like comprehensive secrets management, access control, key management, encryption, and audit logs. In this class, we'll be doing a hands-on deep-dive into managing secrets and encryption with Hashicorp Vault. You will be working to deploy Vault, learn its many features and integrate into real-world applications. This training is meant to be practical and heavily hands-on.
Our Application Security and Cloud Security programs is a regular feature at marquee application security conferences across the world.
What are the pre-requisites to take this course?
Basic understanding of Cloud Services (AWS) and DevOps (Principles, Tools and High-Level Concepts). Working knowledge of Containerized Deployments and Kubernetes. Familiarity with the Linux command line is preferred.
Who is this training aimed at?
The core objective of this course is to help product teams keep sensitive information secure. This course would therefore be beneficial to Developers, DevOps professionals, Info/App Security professionals, security architects, security engineers especially AppSec Engineers.