Fueling innovative software
July 15-18, 2019
Portland, OR

Secrets in serverless

Seth Vargo (Google)
1:45pm2:25pm Thursday, July 18, 2019
Live Coding ONLY
Location: Portland 252
Average rating: ****.
(4.50, 6 ratings)

Who is this presentation for?

  • Developers, operations engineers, security architects, and DevOps engineers




Serverless applications and cloud functions often need to communicate with an upstream API or service. Perhaps they require a username and password to connect to a database, an API key to talk to an upstream service, or a certificate to authenticate to an API. This always raises the question: How do I safely and securely inject secrets or credentials into my serverless lambda or cloud function?

Seth Vargo dives into patterns and approaches for managing secrets in serverless, including the benefits and drawbacks of each approach. Specifically, he explores IAM, environment variables, encrypted environment variables, and secrets managers like HashiCorp Vault, featuring a live demo with your participation for each example.

What you'll learn

  • Gain an arsenal of knowledge about how to best secure your secrets in serverless environments
Photo of Seth Vargo

Seth Vargo


Seth Vargo is an engineer at Google Cloud. Previously he worked at HashiCorp, Chef Software, CustomInk, and some Pittsburgh-based startups. He is the author of Learning Chef and is passionate about reducing inequality in technology. When he is not writing, working on open source, teaching, or speaking at conferences, Seth advises non-profits.