Collaborate Disseminate
HashiCorp Vault Agent creates a sidecar that talks to the Vault server and injects secrets as files into containers, where the files are located under /vault/secrets/.
"render all defined templates to the ephemeral in-memory mount at … Continue reading Root takeover attack on Kubernetes host despite Vault agent
Is this a good approach to preventing the leakage of secrets?
Say I had a simple setup where Alice holds the secret to access Bob, and Charlie has basic shell access to Alice (with a different auth method). Charlie echoing "$BOB_SECRE… Continue reading Intercept calls to authenticated 3rd-party APIs, to automatically add auth keys?
I have recently been thinking deeply about the most secure ways to store credentials (like API keys) for use by unsupervised programs running on unsupervised servers. I have such systems and would like to absolutely minimize the impact/cos… Continue reading Do credential stores have added value for API key protection on unsupervised system? If so, how?
We have a service running on AWS. This service uses secrets such as API keys of third party services (in other words: secrets which do not rotate automatically). These secrets are stored in AWS secretsmanager. Let’s call this the "tra… Continue reading can non-rotatable secrets be stored in ciphertext form in a DB/file/etc.?
Scenario:
I have a PHP web application that needs to make an API call using a password provided by the user. I want to temporarily store this password so I can use it across multiple requests without having to re-ask the user for the passw… Continue reading Securely store password for API sessions
Please note this question is specifically to this CSI driver infrastructure and NOT to the K8s Secrets infrastructure.
Reviewing this implementation with regards to some enterprise work. The infrastructure handles a lot of internal sensiti… Continue reading K8s Secrets Store CSI Driver
I have a process that needs secret keys to be passed as environment variables. That is for historical reasons.
I have a AWS machine where this process runs but I do not want to store these keys in files or scripts on the cloud.
What is the… Continue reading Launch a process with secrets as environment variables
I am exploring how to use docker secrets, but all the secrets are visible in plain text format to anyone who can use the docker command. How do I ensure all secrets are sufficiently protected and not as readily accessible to unauthorized … Continue reading How to use `docker secret` to prevent secrets from being seen in plain text by unauthorized individuals
Given a Wireguard client configuration file, I guess some of the fields shouldn’t be shared with just anyone, like the private key, right?
Is there any other field that should be treated as a confidential value? I want to add the client co… Continue reading Wireguard client configuration file – confidential values
We currently rotate AWS-specific secrets via AWS Secrets Manager without much issue. However, we are looking to also rotate secrets e.g. API keys for specific services, but AWS Secrets Manager does not support this, and it seems that Hashi… Continue reading How are companies automatically rotating secrets such as API keys?