The 12-Factor App manifesto has trained us to pass configuration information into containers in the form of environment variables. In many cases, that config information includes secrets, such as passwords and certificates that allow containers to identify and communicate with each other. If those secrets are leaked, an attacker has information that could enable a serious system compromise.
Liz Rice outlines some of the ways that your secrets are more accessible than you might think. For example, did you know that any environment variable in a container is easily accessible from the host machine? Liz covers approaches for encrypting your secrets and explains how these can be set up under orchestrators like Docker Swarm and Kubernetes, including key management systems and key rotation.
Actions speak louder than words, so Liz also digs into the technical details with live demonstrations and concludes by sharing a checklist of things to address to keep your container secrets secure.
Liz Rice is the technology evangelist at container security specialists Aqua Security and coauthor of the O’Reilly report Kubernetes Security. She has a wealth of software development, team, and product management experience from her years spent working on network protocols and distributed systems and in digital technology sectors such as video on demand (VOD), music, and voice over internet protocol (VoIP). When not building startups and writing code, Liz loves riding bikes in places with better weather than her native London or racing in virtual reality on Zwift.
©2017, O’Reilly UK Ltd