Conference: Jun 26-28, 2017
Workshops: Jun 29-30, 2017
Presentation: Access and Secret Management in Cloud Services
Location:
- Salon A/B
Duration
Day of week:
- Monday
Level:
- Intermediate
Persona:
- Architect
Abstract
This presentation will cover the concepts and tooling for wrangling identity, access management, and secrets (passwords, SSL certificates, access tokens, etc.) in cloud services. In identity, we will cover methods of handling single sign-on (SSO) for services, and user management in services that don't support SSO. With access control, we will cover methods of limiting access to services and infrastructure; methods of controlling access to secrets, including secure methods of bootstrapping authentication for secret management; and methods of limiting access to Docker containers in both multi-tenant and non-multi-tenant environments.
You will leave this presentation understanding the methods for handling various types of security problems in cloud services, as well as the tools we use at Lyft, including Google SAML/OAuth2, OneLogin and Okta for identity management/SSO; Confidant, Vault, Sneaker, Credstash and Keywhiz for secret management; Confidant and KMS for secure bootstrapping; and metadataproxy and ec2metaproxy for limiting access to Docker containers.