How secret scanning helps fight secret sprawl скачать в хорошем качестве

How secret scanning helps fight secret sprawl

Secret scanning is a key activity for DevOps and Security Teams to perform to understand secrets sprawl in their organization. In this whiteboarding session, HashiCorp Co-Founder Armon Dadgar, shows what platform teams do and the benefits they bring. Try Vault Radar → http://hashicorp.com/go/hcp-vault-radar What is secret scanning and why is it important? Secret Scanning is the practice of automatically scanning code and configuration files for secrets. Common types of secrets are passwords that grant privileged access, TLS/PKI, encryption keys, and API tokens. Secrets can inadvertently get distributed across multiple platform or file types like configuration files, hard-coded in applications, and collaboration tools like JIRA, Slack/Teams, and Confluence. HCP Vault Radar scans these systems to discover potentially unmanaged secrets. This allows organizations to better understand their secret inventory so they can be managed in HashiCorp Vault. Important features and characteristics that should be included in any secret scanning tool your organization considers include: Developer relevant data sources Low percentage of of false positives Remediation workflows Ability to prevent secrets from leaking in the first place Secret activeness Vault and Terraform integration 0:00 Secrets scanning and introduction 0:30 What is a secret? 1:44 Risk of secrets sprawl 2:00 Sensitive data & how it's different than a secret? 4:15 Where secrets are commonly distributed 5:30 Where should secrets live? 6:40 HCP Vault Radar introduction 7:40 Secrets inventory and unmanaged secrets 9:20 Risk of false positives 10:00 Can we invalidate or validate scan findings? 11:00 Prioritizing scan findings 14:00 Why scanning needs to be a continuous process? Subscribe to our YouTube Channel → https://www.youtube.com/c/HashiCorp?s... For hands-on interactive labs, visit HashiCorp Developer → https://developer.hashicorp.com/ HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools Vagrant, Packer, Terraform, Vault, Consul, Nomad, Boundary, and Waypoint allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. For more information → https://hashicorp.com Twitter →   / hashicorp   LinkedIn →   / hashicorp   Facebook →   / hashicorp