
Brian Vallelunga

👤 Person
280 total appearances

Podcast Appearances

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

Yep. And I think once your surface area grows in team members, infrastructure, devices, it gets pretty hard to answer those questions confidently, unless you have a dedicated system for it. So it'll be valuable to go into, like, what does a dedicated solution actually look like? The first thing is you can centralize all your secrets in it.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

So once you know where all your secrets are, you can confidently say, this is the place we're doing it. We're not gonna store our secrets in code. We're not gonna send them over email or Slack or Microsoft Teams or wherever it may be. This is the one place you can get all your secrets. Now you have a complete landscape of your secrets.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

The next thing you should be able to do in this system is set up access controls and audit logs around them. So you can say your full-stack developers have access to the development environment for these sets of projects for the teams they're on. But the DevOps team has access to production.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

So you can start getting access and you have a full audit picture of it. And obviously that audit picture then gets pushed into your auditing tools like Datadog, Sumo Logic, Amazon, wherever it may be. You should be able to have this infrastructure natively integrated with their developer workflows for local development.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

That way developers aren't working around the system and then recreating the risk you're trying to avoid. And it should be natively integrated with your production and staging infrastructure so that when it is time to roll out a secret, you don't have this race condition of the code arriving before the secrets do. The secrets have to arrive first if the code is going to rely on those secrets.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

And so then this kind of gives you this whole picture: I know that if I can see the secret in this project, in this environment, on the solution like the secrets manager, then it's guaranteed in my production infrastructure or it's guaranteed on my developers' laptops in a secure way. And that basically gives you the ability to remediate secrets pretty quickly.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

And so the last part of this puzzle is being able to rotate secrets. Rotation is the fancy way of saying, I'm going to swap out the locks on the door. And you've got to do it in a way that's careful, because if you just, like, immediately destroy the lock, in this case, you'll just bring yourself down in production. So you have to do it in a way that does not create any downtime.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

And it usually requires a two-key system. So, like, in a database, for example, you don't ever want to not be able to connect to the database. So you'd have two credentials to the database, and you swap them, and then you rotate one, and then you swap again. And so you want a system that does all that. That should not be done by humans.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

That should be done by a system that's running on a schedule, where you have an immediate, like, "I'm fucked" button. I need to click this thing to get me out of a data breach. And then obviously it orchestrates to the rest of your infrastructure. And so those are the things that you should be looking for in a developer for secrets manager.

Ruby Rogues
Secrets Management Best Practices and Tools - RUBY 655

A good way that I kind of, like, talk about it when I'm talking internally with our employees is that the game of offense and the game of defense are very different games. The game of defense is: build walls around your perimeter as high as possible, as strong as possible, with no cracks in the foundation, right?
