Serverless applications and cloud functions often need to communicate with an upstream API or service. Perhaps they require a username and password to connect to a database, an API key to talk to an upstream service, or a certificate to authenticate to an API. This always raises the question: How do I safely and securely inject secrets or credentials into my serverless lambda or cloud function?
Seth Vargo dives into patterns and approaches for managing secrets in serverless, including the benefits and drawbacks of each approach. Specifically, he explores IAM, environment variables, encrypted environment variables, and secrets managers like HashiCorp Vault, featuring a live demo with your participation for each example.
Seth Vargo is an engineer at Google Cloud. Previously he worked at HashiCorp, Chef Software, CustomInk, and some Pittsburgh-based startups. He is the author of Learning Chef and is passionate about reducing inequality in technology. When he is not writing, working on open source, teaching, or speaking at conferences, Seth advises non-profits.
©2019, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • email@example.com