114 points by infosec_magician 1 year ago | 16 comments
user1 1 year ago
Interesting article! I've been looking for a secure way to manage secrets in my microservices. I like the zero-trust approach, but how does this scale with a large number of services?
user2 1 year ago
Great question! With the right implementation, the zero-trust approach can scale quite well. You should look into using something like HashiCorp's Vault or AWS Secrets Manager.
user3 1 year ago
I've used HashiCorp's Vault in the past and it worked well. However, setting it up can be a bit complicated. Can anyone recommend some good tutorials?
user4 1 year ago
I recommend checking out the official HashiCorp Vault documentation, specifically the tutorials: <https://www.vaultproject.io/docs/getting-started/tutorial.html>
user5 1 year ago
Another resource that helped me a lot is this Udemy course: <https://www.udemy.com/course/learning-hashicorp-vault/>. It covers everything from the basics to advanced features.
user6 1 year ago
Is there any way to securely manage secrets in a Kubernetes cluster without additional tools?
user7 1 year ago
Kubernetes provides a built-in feature for managing secrets: <https://kubernetes.io/docs/concepts/configuration/secret/>. But they're stored unencrypted by default, so you'll want to use a network-encrypted volume to ensure proper security.
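As an added illustration of the point above (this is example code, not from the thread or from the Kubernetes project): a Secret's `data` field is only base64-encoded, and whether the API server encrypts Secrets before writing them to etcd depends on the first provider listed for `secrets` in its `EncryptionConfiguration` (the resource type read via `--encryption-provider-config`). The sample manifests below are constructed, the key value is a placeholder, and the code assumes the YAML has already been parsed into dicts.

```python
"""Added example: show that Secret `data` is encoding, not encryption, and
check an EncryptionConfiguration for real encryption at rest.
All manifests below are constructed for illustration."""
import base64
from typing import Optional

# Constructed Secret manifest as stored without encryption at rest:
# `data` values are base64 and nothing more.
SAMPLE_SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "db-creds", "namespace": "payments"},
    "type": "Opaque",
    "data": {
        "username": base64.b64encode(b"app").decode(),
        "password": base64.b64encode(b"hunter2-example").decode(),
    },
}


def decode_secret_data(secret: dict) -> dict:
    """Reverse the base64 encoding on every key of a Secret's `data` field.
    Anyone who can read the API object or the etcd backing store can do
    the same, which is why base64 gives no confidentiality."""
    return {k: base64.b64decode(v).decode() for k, v in secret.get("data", {}).items()}


# Constructed EncryptionConfiguration objects. The first provider listed for a
# resource is used for writes; `identity` means plaintext. The key value is a
# placeholder, not a usable key.
WEAK_ENCRYPTION_CONFIG = {
    "apiVersion": "apiserver.config.k8s.io/v1",
    "kind": "EncryptionConfiguration",
    "resources": [
        {"resources": ["secrets"], "providers": [{"identity": {}}]},
    ],
}
STRONG_ENCRYPTION_CONFIG = {
    "apiVersion": "apiserver.config.k8s.io/v1",
    "kind": "EncryptionConfiguration",
    "resources": [
        {
            "resources": ["secrets"],
            "providers": [
                {"aescbc": {"keys": [{"name": "key1", "secret": "<base64 32-byte key placeholder>"}]}},
                {"identity": {}},  # kept so objects written before encryption was enabled still read
            ],
        },
    ],
}


def secrets_write_provider(config: Optional[dict]) -> str:
    """Name the provider new Secret objects will be written with.
    No configuration at all (the default) behaves like `identity`."""
    if config is None:
        return "identity"
    for entry in config.get("resources", []):
        if "secrets" in entry.get("resources", []):
            providers = entry.get("providers", [])
            if not providers:
                return "identity"
            return next(iter(providers[0]))  # each provider entry is a one-key dict
    return "identity"


def secrets_encrypted_at_rest(config: Optional[dict]) -> bool:
    """True only when Secrets are written with something other than `identity`."""
    return secrets_write_provider(config) != "identity"


if __name__ == "__main__":
    print(decode_secret_data(SAMPLE_SECRET))
    print(secrets_write_provider(None), secrets_encrypted_at_rest(STRONG_ENCRYPTION_CONFIG))
```

The check deliberately looks only at the first provider, because that is the one the API server encrypts with on write; listing `aescbc` second behind `identity` would still leave new Secrets in plaintext.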
user8 1 year ago
You can also use a tool like Sealed Secrets: <https://github.com/bitnami-labs/sealed-secrets>. It encrypts your secrets at rest and has integrations with various Kubernetes tools.
user9 1 year ago
What are the benefits of using a zero-trust approach for managing secrets instead of traditional access control methods?
user10 1 year ago
With a zero-trust approach, every access request is treated as if it's from a potentially untrusted source. This means that even if an attacker manages to compromise one service, they won't be able to easily pivot and access other services without explicit authentication. This leads to a more secure infrastructure overall.
user11 1 year ago
I appreciate the discussion on this topic! In the past, I've used environment variables to manage secrets. How does a zero-trust approach compare to this method in terms of security?
user12 1 year ago
Environment variables can be insecure because they're often committed to version control and may be exposed in various logs. A zero-trust approach is considerably more secure as it involves the use of a dedicated secrets management solution, which encrypts and controls access to these sensitive pieces of data.
user13 1 year ago
Is it possible to implement a zero-trust approach when using a hybrid architecture, like combining containers and VMs?
user14 1 year ago
Absolutely! A zero-trust approach can be applied to any type of infrastructure. Your secrets management solution should support integrations with different platforms to ensure consistent security practices across your hybrid environment.
user15 1 year ago
How does a zero-trust approach interoperate with identity and access management (IAM) systems?
user16 1 year ago
A zero-trust approach complements IAM by providing an additional layer of security. When combined, they enable fine-grained, context-aware authentication, authorization, and auditing for managing secrets in your microservices infrastructure.
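To make the two answers above concrete (the one about a compromised service not being able to pivot, and this one about fine-grained authorization and auditing), here is an added example that is not from the thread and not any product's code: a toy secrets broker in which every read presents a short-lived, signed service token; the broker checks the signature and expiry, checks that the caller's identity is on that secret's allow-list, and records every decision. The issuer key, service names, secret values and policy are all constructed placeholders.

```python
"""Added example: a minimal zero-trust secrets broker.
Every read is authenticated (signed, expiring token bound to a service
identity) and authorized per secret, and every decision is audited.
All keys, names and values below are constructed for illustration."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Placeholder issuer key; a real deployment keeps this in a KMS/HSM.
ISSUER_KEY = b"constructed-issuer-key-do-not-reuse"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(service: str, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Issue an HMAC-SHA256 signed token bound to one service with a short expiry."""
    now = time.time() if now is None else now
    claims = {"sub": service, "exp": now + ttl_seconds}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the service identity if the token is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
        expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, json.JSONDecodeError):
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")


class SecretsBroker:
    """Holds secrets plus an allow-list per secret. Each read is authenticated
    and authorized on its own; network position grants nothing."""

    def __init__(self, secrets: dict, policy: dict):
        self._secrets = secrets
        self._policy = policy  # secret name -> set of services allowed to read it
        self.audit_log = []    # one entry per decision, allowed or denied

    def read(self, secret_name: str, token: str, now: Optional[float] = None) -> Optional[str]:
        now = time.time() if now is None else now
        caller = verify_token(token, now)
        allowed = caller is not None and caller in self._policy.get(secret_name, set())
        self.audit_log.append({"ts": now, "caller": caller, "secret": secret_name,
                               "decision": "allow" if allowed else "deny"})
        return self._secrets[secret_name] if allowed else None


def demo():
    """Constructed scenario: `orders` may read the DB password, only `billing`
    may read the payment API key. Returns the four read results and the audit log."""
    broker = SecretsBroker(
        secrets={"db/password": "example-db-pass", "payments/api-key": "example-api-key"},
        policy={"db/password": {"orders", "billing"}, "payments/api-key": {"billing"}},
    )
    t0 = 1_700_000_000.0
    orders_tok = issue_token("orders", ttl_seconds=300, now=t0)
    got_db = broker.read("db/password", orders_tok, now=t0)             # allowed
    got_key = broker.read("payments/api-key", orders_tok, now=t0)      # denied: not on the allow-list
    expired = broker.read("db/password", orders_tok, now=t0 + 301)      # denied: token expired
    # A body claiming to be `billing` but signed with the wrong key is rejected.
    forged_body = _b64(json.dumps({"sub": "billing", "exp": t0 + 300}, sort_keys=True).encode())
    forged = broker.read("payments/api-key", forged_body + "." + _b64(b"\x00" * 32), now=t0)
    return got_db, got_key, expired, forged, broker.audit_log


if __name__ == "__main__":
    for entry in demo()[4]:
        print(entry)
```

The audit log is what ties this to IAM-style auditing: every denied read, including the expired and forged tokens, is recorded with the identity the broker could establish (or `None` when it could not), which is the signal a detection pipeline would watch for a service suddenly requesting secrets outside its policy.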