[2017-07-11] Shared secrets: securing api keys and config from development to production #30
Comments
|
there definitely needs to be more / better info on these topics out on the web for folks to discover. i'd specifically like to request you include some comparison with other related tools such as Hashicorp Vault, the tools associated with Ansible, Chef, and similar, etc. with the goal of disambiguating when each type of approach and each tool would be appropriate to use. |
|
@brandondees Agreed. And yeah, I'll definitely include comparisons of various tools and look at the differences in how they tackle the problem. |
|
@danenania just got a notification venue double booked. Just giving you a heads up. Let's link in Slack. Can you ping me there? This actually could play out nicely as we have an extra meetup coming up for GORUCO. /c @brandondees |
snuggs
changed the title
|
@snuggs Ahh too bad. Sure, I'll ping you when I get a chance--is there a
Slack for the meetup group? What's the url?
…On Tue, Jun 13, 2017 at 4:04 PM snuggs ***@***.***> wrote:
@danenania <https://github.com/danenania> just got a notification venue
double booked. Just giving you a heads up. Let's link in Slack. Can you
ping me there? This actually could play out nicely as we have an extra
meetup coming up for GORUCO.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#30 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAhSRtMHXvOAuEnGIPZOOVP3Cvde5-4Oks5sDutfgaJpZM4N2NIR>
.
|
|
Already sent the invite to dane.schneider@gmail.com homie! Be sure to shout out in Introductions. We've been waiting for you @danenania . lolz 💯 |
snuggs
changed the title
|
Ah, guess I already joined! One step ahead of myself
…On Tue, Jun 13, 2017 at 7:29 PM snuggs ***@***.***> wrote:
@danenania <https://github.com/danenania>
[image: capture d ecran 2017-06-13 a 19 28 57]
<https://user-images.githubusercontent.com/38223/27109061-93ae4e90-506e-11e7-8b75-fb14e0dfcb8b.png>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#30 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAhSRiDwBc_0O4IDhn98fTjfKMotfyWGks5sDxtMgaJpZM4N2NIR>
.
|
snuggs
changed the title
|
@danenania gonna announce this tomorrow! |
|
Sweet! Looking forward to it.
…On Thu, Jul 6, 2017 at 10:04 PM snuggs ***@***.***> wrote:
@danenania <https://github.com/danenania> gonna announce this tomorrow!
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#30 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAhSRqr12WuUtb9Z-ciMdsV2c8sdvbuBks5sLZIzgaJpZM4N2NIR>
.
|
|
@danenania 🎉 🎉 🎉 🎉 🎉 🎉 https://www.meetup.com/NYC-rb/events/235117566/ You will be presenting with @noahzgordon |
Description
How secure are your Ruby app's api keys? Keys for critical services like payments, email, and infrastructure management can quickly turn dangerous if they end up in the wrong hands, yet many teams aren't as disciplined as they should be when it comes to controlling access. I'll cover the issues involved from both a security and developer experience perspective, compare a number of potential approaches, and introduce Envkey, a tool I built that attempts to make all of this a lot easier to deal with.
Bio
Dane is a full stack engineer and designer who’s been working with agencies and startups for the last 8 years. He’s especially interested in ways that technically-informed user experience design can help to smooth over thorny issues in the worlds of devops and security.
The text was updated successfully, but these errors were encountered: