Managing spring-boot application Secrets
Badr NASS LAHSEN - CyberArk
Many applications require some sort of secret, such as a database password or a certificate. The growing popularity of Kubernetes and cloud adoption has gotten the attention of attackers and raised the stakes for developers. Secrets management in spring-boot applications poses many challenges.
This session will summarise the different available patterns for securing cloud native application secrets. It will demo open-source secrets management solutions like Conjur for securing access, enforcing policy, and authenticating access requests. Developers and DevOps engineers are now looking for the capabilities to properly secure secrets in DevOps pipelines.
To do their job, developers need to write applications that require secure access to resources via secrets, and security teams need to mitigate risk. This can lead to contention between developers and security teams.
The talk will cover the following topics:
-Increase awareness of the vulnerabilities and risks; remove hard-coded credentials
-Simplify secrets management
-Introduction to the secret zero problem
-Secure all application types, everywhere with JWT and Cert Based Authentication
-Strong authentication and authorization - ABAC – apply least privilege
-When to use sidecar and init container patterns to improve application security in Kubernetes?
-What is the Secretless pattern?
-How to get full auditing and control by the security team?