Room: DMS 1160
Whether you’re using a legacy system or a serverless framework, you’re using some sort of database. Are you using the same database credentials for your human users and your applications? This shared access poses a huge security risk. Leaked database credentials in the wrong hands can cause havoc.
In this tutorial, I use Vault (an open-source secret management tool from HashiCorp) to make a case for dynamic secrets. After a brief overview of Vault, I go over how Vault can dynamically generate database credentials. I use a managed PostgreSQL service to demo the benefits of dynamic database credentials and use specific roles to limit access to certain tables. After attending the tutorial, the audience will understand the need for dynamic secrets for their databases and walk away with some (open-source) resources to try out for their use cases.