Presentation: Access and Secret Management in Cloud Services

Duration: 2:55pm - 3:45pm

Abstract

This presentation will cover the concepts and tooling for wrangling identity, access management, and secrets (passwords, SSL certificates, access tokens, etc.) in cloud services. In identity, we will cover methods of handling single sign-on (SSO) for services and user management in services that don't support SSO. With access control, we will cover methods of limiting access to services and infrastructure, methods of controlling access to secrets (including secure methods of bootstrapping authentication for secret management), and methods of limiting access to Docker containers in both multi-tenant and non-multi-tenant environments.

You will leave this presentation understanding the methods for handling various types of security problems in cloud services, as well as the tools we use at Lyft, including Google SAML/OAuth2, OneLogin and Okta for identity management/SSO; Confidant, Vault, Sneaker, Credstash and Keywhiz for secret management; Confidant and KMS for secure bootstrapping; and metadataproxy and ec2metaproxy for limiting access to Docker containers.

Speaker: Ryan Lane

DevOps @Lyft

Ryan Lane is a Security Engineer at Lyft. He is the maintainer of a number of Lyft's open-source security products, such as Confidant, metadataproxy and bandit-high-entropy-string. Ryan also wrote and maintains the AWS orchestration code in SaltStack and is a major contributor to the Wikimedia and OpenStack projects.
