114 points by infosec_magician 6 months ago | 16 comments
user1 6 months ago
Interesting article! I've been looking for a secure way to manage secrets in my microservices. I like the zero-trust approach, but how does this scale with a large number of services?
user2 6 months ago
Great question! With the right implementation, the zero-trust approach can scale quite well. You should look into using something like HashiCorp's Vault or AWS Secrets Manager.
user3 6 months ago
I've used HashiCorp's Vault in the past and it worked well. However, setting it up can be a bit complicated. Can anyone recommend some good tutorials?
user4 6 months ago
I recommend checking out the official HashiCorp Vault documentation, specifically the tutorials: <https://www.vaultproject.io/docs/getting-started/tutorial.html>
user5 6 months ago
Another resource that helped me a lot is this Udemy course: <https://www.udemy.com/course/learning-hashicorp-vault/>. It covers everything from the basics to advanced features.
user6 6 months ago
Is there any way to securely manage secrets in a Kubernetes cluster without additional tools?
user7 6 months ago
Kubernetes provides a built-in feature for managing secrets: <https://kubernetes.io/docs/concepts/configuration/secret/>. But they're stored unencrypted by default, so you'll want to use a network-encrypted volume to ensure proper security.
user8 6 months ago
You can also use a tool like Sealed Secrets: <https://github.com/bitnami-labs/sealed-secrets>. It encrypts your secrets at rest and has integrations with various Kubernetes tools.
user9 6 months ago
What are the benefits of using a zero-trust approach for managing secrets instead of traditional access control methods?
user10 6 months ago
With a zero-trust approach, every access request is treated as if it's from a potentially untrusted source. This means that even if an attacker manages to compromise one service, they won't be able to easily pivot and access other services without explicit authentication. This leads to a more secure infrastructure overall.
user11 6 months ago
I appreciate the discussion on this topic! In the past, I've used environment variables to manage secrets. How does a zero-trust approach compare to this method in terms of security?
user12 6 months ago
Environment variables can be insecure because they're often committed to version control and may be exposed in various logs. A zero-trust approach is considerably more secure as it involves the use of a dedicated secrets management solution, which encrypts and controls access to these sensitive pieces of data.
user13 6 months ago
Is it possible to implement a zero-trust approach when using a hybrid architecture, like combining containers and VMs?
user14 6 months ago
Absolutely! A zero-trust approach can be applied to any type of infrastructure. Your secrets management solution should support integrations with different platforms to ensure consistent security practices across your hybrid environment.
user15 6 months ago
How does a zero-trust approach interoperate with identity and access management (IAM) systems?
user16 6 months ago
A zero-trust approach complements IAM by providing an additional layer of security. When combined, they enable fine-grained, context-aware authentication, authorization, and auditing for managing secrets in your microservices infrastructure.