jm + secrets   7

mozilla/sops: Secrets management stinks, use some sops!
sops is an editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP.
secrets  encryption  security  kms  pgp  gpg  editors  configuration 
11 days ago by jm
Everybody lies: how Google search reveals our darkest secrets | Technology | The Guardian
What can we learn about ourselves from the things we ask online? US data scientist Seth Stephens‑Davidowitz analysed anonymous Google search results, uncovering disturbing truths about [America's] desires, beliefs and prejudices


Fascinating. I find it equally interesting how flawed the existing methodologies for polling and surveying are, compared to Google's data, according to this
science  big-data  google  lying  surveys  polling  secrets  data-science  america  racism  searching 
11 days ago by jm
Vault
HashiCorp's take on the secrets-storage system. looks good
hashicorp  deployment  security  secrets  authentication  vault  storage  keys  key-rotation 
april 2015 by jm
credstash
'CredStash is a very simple, easy to use credential management and distribution system that uses AWS Key Management System (KMS) for key wrapping and master-key storage, and DynamoDB for credential storage and sharing.'
aws  credstash  python  security  keys  key-management  secrets  kms 
april 2015 by jm
Keywhiz
'a secret management and distribution service [from Square] that is now available for everyone. Keywhiz helps us with infrastructure secrets, including TLS certificates and keys, GPG keyrings, symmetric keys, database credentials, API tokens, and SSH keys for external services — and even some non-secrets like TLS trust stores. Automation with Keywhiz allows us to seamlessly distribute and generate the necessary secrets for our services, which provides a consistent and secure environment, and ultimately helps us ship faster. [...]

Keywhiz has been extremely useful to Square. It’s supported both widespread internal use of cryptography and a dynamic microservice architecture. Initially, Keywhiz use decoupled many amalgamations of configuration from secret content, which made secrets more secure and configuration more accessible. Over time, improvements have led to engineers not even realizing Keywhiz is there. It just works. Please check it out.'
square  security  ops  keys  pki  key-distribution  key-rotation  fuse  linux  deployment  secrets  keywhiz 
april 2015 by jm
Trousseau
'an interesting approach to a common problem, that of securely passing secrets around an infrastructure. It uses GPG signed files under the hood and nicely integrates with both version control systems and S3.'

I like this as an approach to securely distributing secrets across a stack of services during deployment. Check in the file of keys, gpg keygen on the server, and add it to the keyfile's ACL during deployment. To simplify, shared or pre-generated GPG keys could also be used.

(via the Devops Weekly newsletter)
gpg  encryption  crypto  secrets  key-distribution  pki  devops  deployment 
february 2014 by jm

Copy this bookmark:



description:


tags: