SlideShare una empresa de Scribd logo

Secure Credential Management with CredHub - Eoghan Kelleher

VMware Tanzu
VMware Tanzu

Secure Credential Management with CredHub by Eoghan Kelleher at SpringOne Tour 2019

Software
1 de 24
Descargar para leer sin conexión
© Copyright 2018 Pivotal Software, Inc. All rights Reserved. CredHub and Secure Credential Management Eoghan Kelleher, Senior Platform Architect ekelleher@pivotal.io @eoghan_kelleher
Why CredHub?
Story of CredHub Configuring Credentials is Hard Tesla: Unsecured Kubernetes console gave hackers access to infra creds and mined bitcoin using hacked creds Oklahoma Securities Commission: Millions of files including FBI files and Social Security numbers exposed by public server with no password Leaking Credentials is Easy Uber: Code found on GitHub containing usernames and passwords Detecting Credential Leaks is Hard Equifax: Hackers roamed its systems undetected from mid-May through late July 2017
Story of CredHub G enerate Encrypt R otate Audit Access Control Configuring Credentials is Hard Tesla: Unsecured Kubernetes console gave hackers access to infra creds and mined bitcoin using hacked creds Oklahoma Securities Commission: Millions of files including FBI files and Social Security numbers exposed by public server with no password Leaking Credentials is Easy Uber: Code found on GitHub containing usernames and passwords Detecting Credential Leaks is Hard Equifax: Hackers roamed its systems undetected from mid-May through late July 2017
Pivotal Application Service Pivotal Container Service CredHub in PCF Concourse
Java mapping to CredHub REST API Supports all credential types and operations Spring Boot auto-configuration support Apps deployed to CF with Java Buildpack automatically negotiate mutual TLS Spring CredHub
What is CredHub?
Architecture CredHub CLI BOSH REST API Authentication Provider Encryption Provider (HSM) Backing SQL Database
Credential API Credential Types ● value - a simple string, used for configuration and other non-generated properties ● password - a simple string, used for generated secrets ● user - username and password pair ● json - a JSON object ● certificate - an object containing a root CA, certificate and private key ● rsa - an object containing an RSA public key and private key ● ssh - an object containing an SSH-formatted public key and private key https://credhub-api-cfapps.io Operations ● Get/Set/Generate/Delete Credential ● Get/Add/Delete Permission ● Interpolate (VCAP_SERVICES) Authentication ● Mutual TLS ● OAuth2 with UAA
CredHub for Operators
BOSH Benefits $ bosh -e pcf -d pcf manifest Simplified Deployment Manifests vs Relax Access to BOSH Director Enables Sharing of Deployment Manifests& $ bosh -e pcf -d pcf manifest vs
CredHub and Concourse
CredHub & Concourse Simplified Pipeline Params files Enables Sharing of Concourse Pipelines
CredHub and Service Broker Credentials Pivotal Application Service
Service Broker Integration $ cf env app-name "VCAP_SERVICES": { "service-name": {{ "credentials": { "uri": "https://service-1.example.com", "username" : "VofTuQk2BH ", "password" : "fRqah7Wygi" }, "label": "service-label", "name": "my-service", "syslog_drain_url": "", "tags": [], "volume_mounts": [], }} } $ cf env app-name "VCAP_SERVICES": { "service-name": {{ "credentials": { "credhub_ref": "/c/[broker-id]/[instance-id]/[binding-id]/credentials" }, "label": "service-label", "name": "my-service", "syslog_drain_url": "", "tags": [], "volume_mounts": [], }} }
Where Binding Credentials Live Cloud Controller database (encrypted) Cloud Controller REST API responses ● /v2/apps/:guid/env ● /v2/service_bindings/:guid Staged application droplets cf ssh Manual ssh Process Environment Application Memory
>Demo
Diego Cell Diego Cloud Foundry Resolution CredHub App cf push create env POST /interpolate VCAP_SERVICES Cloud Controller V##P_##### VCAP_SERVICESV##P_#####
Credential Interpolation “VCAP_SERVICES”: { “my-service”: [{ “credentials”: { “credhub-ref”: “/c/my-broker/1111/2222/credentials” }, }] } “VCAP_SERVICES”: { “service-name”: [{ “credentials”: { “uri”: “https://service-6yQVNrhZVP.example.com”, “username”: “VofTuQk2BH”, “password”: “fRqah7Wygi” }, }] } POST /interpolate interpolated credentials CredHub
Securing User Provided Credentials Pivotal Application Service
Creating CredHub Service Broker Instances create service instance create service instance Cloud Controller CredHub Service Broker CredHub cf create-service credhub default dbcreds -c '{"username": "name", "password": "CREDHUB_SECRET"}'
Securing User Provided Services - CredHub Service Broker Diego Cell Diego CredHub App POST /interpolate VCAP_SERVICES CredHub Broker V##P_##### cf create-service cred: dbpassword
Sharing CredHub Service Instances cf share-service dbcreds DBA DBASpace DevSpace Diego Cell App cf update-service dbcreds cf bind-service myapp dbcreds Developer
>Demo

Recomendados

Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
A tale of application development
A tale of application developmentA tale of application development
A tale of application developmentNicolas Corrarello
 
RAR and GNAP for VC HTTP API
RAR and GNAP for VC HTTP APIRAR and GNAP for VC HTTP API
RAR and GNAP for VC HTTP APIJustin Richer
 
Identity management and single sign on - how much flexibility
Identity management and single sign on - how much flexibilityIdentity management and single sign on - how much flexibility
Identity management and single sign on - how much flexibilityRyan Dawson
 
Building Beautiful REST APIs with ASP.NET Core
Building Beautiful REST APIs with ASP.NET CoreBuilding Beautiful REST APIs with ASP.NET Core
Building Beautiful REST APIs with ASP.NET CoreStormpath
 
Foreman Single Sign-On Made Easy with Keycloak
Foreman Single Sign-On Made Easy with KeycloakForeman Single Sign-On Made Easy with Keycloak
Foreman Single Sign-On Made Easy with KeycloakNikhil Kathole
 
How Netflix Is Solving Authorization Across Their Cloud
How Netflix Is Solving Authorization Across Their CloudHow Netflix Is Solving Authorization Across Their Cloud
How Netflix Is Solving Authorization Across Their CloudTorin Sandall
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinarmarcuschristie
 

Recomendados

Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
A tale of application development
A tale of application developmentA tale of application development
A tale of application developmentNicolas Corrarello
 
RAR and GNAP for VC HTTP API
RAR and GNAP for VC HTTP APIRAR and GNAP for VC HTTP API
RAR and GNAP for VC HTTP APIJustin Richer
 
Identity management and single sign on - how much flexibility
Identity management and single sign on - how much flexibilityIdentity management and single sign on - how much flexibility
Identity management and single sign on - how much flexibilityRyan Dawson
 
Building Beautiful REST APIs with ASP.NET Core
Building Beautiful REST APIs with ASP.NET CoreBuilding Beautiful REST APIs with ASP.NET Core
Building Beautiful REST APIs with ASP.NET CoreStormpath
 
Foreman Single Sign-On Made Easy with Keycloak
Foreman Single Sign-On Made Easy with KeycloakForeman Single Sign-On Made Easy with Keycloak
Foreman Single Sign-On Made Easy with KeycloakNikhil Kathole
 
How Netflix Is Solving Authorization Across Their Cloud
How Netflix Is Solving Authorization Across Their CloudHow Netflix Is Solving Authorization Across Their Cloud
How Netflix Is Solving Authorization Across Their CloudTorin Sandall
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinarmarcuschristie
 
FIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE
 
Building Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPABuilding Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPALDAPCon
 
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...MongoDB
 
Attacking and Defending Kubernetes - Nithin Jois
Attacking and Defending Kubernetes - Nithin JoisAttacking and Defending Kubernetes - Nithin Jois
Attacking and Defending Kubernetes - Nithin JoisOWASP Hacker Thursday
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
A serverless IoT story from design to production and monitoring
A serverless IoT story from design to production and monitoringA serverless IoT story from design to production and monitoring
A serverless IoT story from design to production and monitoringCodeValue
 
Web 20 Security - Vordel
Web 20 Security - VordelWeb 20 Security - Vordel
Web 20 Security - Vordelguest2a1135
 
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...Codemotion
 
Attacking REST API
Attacking REST APIAttacking REST API
Attacking REST APISiddharth Bezalwar
 
Building a Microgateway in Ballerina_KubeCon 2108
Building a Microgateway in Ballerina_KubeCon 2108Building a Microgateway in Ballerina_KubeCon 2108
Building a Microgateway in Ballerina_KubeCon 2108Ballerina
 
Security enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakSecurity enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakCharles Moulliard
 
Json web token api authorization
Json web token api authorizationJson web token api authorization
Json web token api authorizationGiulio De Donato
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE
 
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardt
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick HardtINTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardt
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardtapidays
 
Istio's mixer policy enforcement with custom adapters (cloud nativecon 17)
Istio's mixer policy enforcement with custom adapters (cloud nativecon 17)Istio's mixer policy enforcement with custom adapters (cloud nativecon 17)
Istio's mixer policy enforcement with custom adapters (cloud nativecon 17)Torin Sandall
 
Hack Proof: Software Design for a Hostile Internet
Hack Proof: Software Design for a Hostile InternetHack Proof: Software Design for a Hostile Internet
Hack Proof: Software Design for a Hostile InternetRob Bogue
 
State of JSON Web Tokens at Employment Hero
State of JSON Web Tokens at Employment HeroState of JSON Web Tokens at Employment Hero
State of JSON Web Tokens at Employment HeroLuong Vo
 
Developing Business Blockchain Applications on Hyperledger
Developing Business Blockchain Applications on Hyperledger Developing Business Blockchain Applications on Hyperledger
Developing Business Blockchain Applications on Hyperledger IMC Institute
 
Intro to the Alfresco Public API
Intro to the Alfresco Public APIIntro to the Alfresco Public API
Intro to the Alfresco Public APIJeff Potts
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldVMware Tanzu
 
Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan
Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan
Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan VMware Tanzu
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential ManagementVMware Tanzu
 

Más contenido relacionado

La actualidad más candente

FIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE
 
Building Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPABuilding Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPALDAPCon
 
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...MongoDB
 
Attacking and Defending Kubernetes - Nithin Jois
Attacking and Defending Kubernetes - Nithin JoisAttacking and Defending Kubernetes - Nithin Jois
Attacking and Defending Kubernetes - Nithin JoisOWASP Hacker Thursday
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
A serverless IoT story from design to production and monitoring
A serverless IoT story from design to production and monitoringA serverless IoT story from design to production and monitoring
A serverless IoT story from design to production and monitoringCodeValue
 
Web 20 Security - Vordel
Web 20 Security - VordelWeb 20 Security - Vordel
Web 20 Security - Vordelguest2a1135
 
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...Codemotion
 
Building a Microgateway in Ballerina_KubeCon 2108
Building a Microgateway in Ballerina_KubeCon 2108Building a Microgateway in Ballerina_KubeCon 2108
Building a Microgateway in Ballerina_KubeCon 2108Ballerina
 
Security enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakSecurity enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakCharles Moulliard
 
Json web token api authorization
Json web token api authorizationJson web token api authorization
Json web token api authorizationGiulio De Donato
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE
 
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardt
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick HardtINTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardt
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardtapidays
 
Istio's mixer policy enforcement with custom adapters (cloud nativecon 17)
Istio's mixer policy enforcement with custom adapters (cloud nativecon 17)Istio's mixer policy enforcement with custom adapters (cloud nativecon 17)
Istio's mixer policy enforcement with custom adapters (cloud nativecon 17)Torin Sandall
 
Hack Proof: Software Design for a Hostile Internet
Hack Proof: Software Design for a Hostile InternetHack Proof: Software Design for a Hostile Internet
Hack Proof: Software Design for a Hostile InternetRob Bogue
 
State of JSON Web Tokens at Employment Hero
State of JSON Web Tokens at Employment HeroState of JSON Web Tokens at Employment Hero
State of JSON Web Tokens at Employment HeroLuong Vo
 
Developing Business Blockchain Applications on Hyperledger
Developing Business Blockchain Applications on Hyperledger Developing Business Blockchain Applications on Hyperledger
Developing Business Blockchain Applications on Hyperledger IMC Institute
 
Intro to the Alfresco Public API
Intro to the Alfresco Public APIIntro to the Alfresco Public API
Intro to the Alfresco Public APIJeff Potts
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldVMware Tanzu
 

La actualidad más candente (20)

FIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LD
 
Building Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPABuilding Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPA
 
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...
Securing Your Deployment with MongoDB and Red Hat's Identity Management in Re...
 
Attacking and Defending Kubernetes - Nithin Jois
Attacking and Defending Kubernetes - Nithin JoisAttacking and Defending Kubernetes - Nithin Jois
Attacking and Defending Kubernetes - Nithin Jois
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 
A serverless IoT story from design to production and monitoring
A serverless IoT story from design to production and monitoringA serverless IoT story from design to production and monitoring
A serverless IoT story from design to production and monitoring
 
Web 20 Security - Vordel
Web 20 Security - VordelWeb 20 Security - Vordel
Web 20 Security - Vordel
 
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...
Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...
 
Attacking REST API
Attacking REST APIAttacking REST API
Attacking REST API
 
Building a Microgateway in Ballerina_KubeCon 2108
Building a Microgateway in Ballerina_KubeCon 2108Building a Microgateway in Ballerina_KubeCon 2108
Building a Microgateway in Ballerina_KubeCon 2108
 
Security enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakSecurity enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & Keycloak
 
Json web token api authorization
Json web token api authorizationJson web token api authorization
Json web token api authorization
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
 
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardt
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick HardtINTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardt
INTERFACE by apidays - TxAuth: the future of OAuth? by Dick Hardt
 
Istio's mixer policy enforcement with custom adapters (cloud nativecon 17)
Istio's mixer policy enforcement with custom adapters (cloud nativecon 17)Istio's mixer policy enforcement with custom adapters (cloud nativecon 17)
Istio's mixer policy enforcement with custom adapters (cloud nativecon 17)
 
Hack Proof: Software Design for a Hostile Internet
Hack Proof: Software Design for a Hostile InternetHack Proof: Software Design for a Hostile Internet
Hack Proof: Software Design for a Hostile Internet
 
State of JSON Web Tokens at Employment Hero
State of JSON Web Tokens at Employment HeroState of JSON Web Tokens at Employment Hero
State of JSON Web Tokens at Employment Hero
 
Developing Business Blockchain Applications on Hyperledger
Developing Business Blockchain Applications on Hyperledger Developing Business Blockchain Applications on Hyperledger
Developing Business Blockchain Applications on Hyperledger
 
Intro to the Alfresco Public API
Intro to the Alfresco Public APIIntro to the Alfresco Public API
Intro to the Alfresco Public API
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
 

Similar a Secure Credential Management with CredHub - Eoghan Kelleher

Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan
Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan
Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan VMware Tanzu
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential ManagementVMware Tanzu
 
FIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack ArchitectureMirantis
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack ArchitectureMirantis
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential ManagementVMware Tanzu
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your appÁlvaro Alonso González
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppFIWARE
 
Using CredHub for Kubernetes Deployments
Using CredHub for Kubernetes DeploymentsUsing CredHub for Kubernetes Deployments
Using CredHub for Kubernetes DeploymentsVMware Tanzu
 
Globus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management PlatformGlobus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management PlatformIan Foster
 
Building APIs in an easy way using API Platform
Building APIs in an easy way using API PlatformBuilding APIs in an easy way using API Platform
Building APIs in an easy way using API PlatformAntonio Peric-Mazar
 
FIWARE Global Summit - Identity Management and Access Control
FIWARE Global Summit - Identity Management and Access ControlFIWARE Global Summit - Identity Management and Access Control
FIWARE Global Summit - Identity Management and Access ControlFIWARE
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE
 
Shifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsShifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsLibbySchulze
 
Getting Started with Globus for Developers
Getting Started with Globus for DevelopersGetting Started with Globus for Developers
Getting Started with Globus for DevelopersGlobus
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation OverviewAmazon Web Services
 
RoadSec 2017 - Trilha AppSec - APIs Authorization
RoadSec 2017 - Trilha AppSec - APIs AuthorizationRoadSec 2017 - Trilha AppSec - APIs Authorization
RoadSec 2017 - Trilha AppSec - APIs AuthorizationErick Belluci Tedeschi
 

Similar a Secure Credential Management with CredHub - Eoghan Kelleher (20)

Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan
Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan
Secure Credential Management with CredHub - DaShaun Carter & Sharath Sahadevan
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential Management
 
FIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access Control
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential Management
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access Control
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your app
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
 
Using CredHub for Kubernetes Deployments
Using CredHub for Kubernetes DeploymentsUsing CredHub for Kubernetes Deployments
Using CredHub for Kubernetes Deployments
 
Externalized Spring Boot App Configuration
Externalized Spring Boot App ConfigurationExternalized Spring Boot App Configuration
Externalized Spring Boot App Configuration
 
Api security
Api security Api security
Api security
 
Globus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management PlatformGlobus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management Platform
 
Building APIs in an easy way using API Platform
Building APIs in an easy way using API PlatformBuilding APIs in an easy way using API Platform
Building APIs in an easy way using API Platform
 
FIWARE Global Summit - Identity Management and Access Control
FIWARE Global Summit - Identity Management and Access ControlFIWARE Global Summit - Identity Management and Access Control
FIWARE Global Summit - Identity Management and Access Control
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
 
Shifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsShifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environments
 
Getting Started with Globus for Developers
Getting Started with Globus for DevelopersGetting Started with Globus for Developers
Getting Started with Globus for Developers
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation Overview
 
RoadSec 2017 - Trilha AppSec - APIs Authorization
RoadSec 2017 - Trilha AppSec - APIs AuthorizationRoadSec 2017 - Trilha AppSec - APIs Authorization
RoadSec 2017 - Trilha AppSec - APIs Authorization
 

Más de VMware Tanzu

What AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItWhat AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItVMware Tanzu
 
Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023VMware Tanzu
 
Enhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at ScaleEnhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at ScaleVMware Tanzu
 
Spring Update | July 2023
Spring Update | July 2023Spring Update | July 2023
Spring Update | July 2023VMware Tanzu
 
Platforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a ProductPlatforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a ProductVMware Tanzu
 
Building Cloud Ready Apps
Building Cloud Ready AppsBuilding Cloud Ready Apps
Building Cloud Ready AppsVMware Tanzu
 
Spring Boot 3 And Beyond
Spring Boot 3 And BeyondSpring Boot 3 And Beyond
Spring Boot 3 And BeyondVMware Tanzu
 
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfSpring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfVMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023VMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023VMware Tanzu
 
tanzu_developer_connect.pptx
tanzu_developer_connect.pptxtanzu_developer_connect.pptx
tanzu_developer_connect.pptxVMware Tanzu
 
Tanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - FrenchTanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - FrenchVMware Tanzu
 
Tanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishTanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishVMware Tanzu
 
Virtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVirtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVMware Tanzu
 
Tanzu Developer Connect - French
Tanzu Developer Connect - FrenchTanzu Developer Connect - French
Tanzu Developer Connect - FrenchVMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023VMware Tanzu
 
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootSpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootVMware Tanzu
 
SpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerSpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerVMware Tanzu
 
SpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeSpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeVMware Tanzu
 
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsSpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsVMware Tanzu
 

Más de VMware Tanzu (20)

What AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItWhat AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About It
 
Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023
 
Enhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at ScaleEnhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at Scale
 
Spring Update | July 2023
Spring Update | July 2023Spring Update | July 2023
Spring Update | July 2023
 
Platforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a ProductPlatforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a Product
 
Building Cloud Ready Apps
Building Cloud Ready AppsBuilding Cloud Ready Apps
Building Cloud Ready Apps
 
Spring Boot 3 And Beyond
Spring Boot 3 And BeyondSpring Boot 3 And Beyond
Spring Boot 3 And Beyond
 
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfSpring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
 
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
 
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
 
tanzu_developer_connect.pptx
tanzu_developer_connect.pptxtanzu_developer_connect.pptx
tanzu_developer_connect.pptx
 
Tanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - FrenchTanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - French
 
Tanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishTanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - English
 
Virtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVirtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - English
 
Tanzu Developer Connect - French
Tanzu Developer Connect - FrenchTanzu Developer Connect - French
Tanzu Developer Connect - French
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
 
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootSpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
 
SpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerSpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software Engineer
 
SpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeSpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs Practice
 
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsSpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
 

Último

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfVishalKumarJha10
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionOnePlan Solutions
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfryanfarris8
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 

Último (20)

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 

Secure Credential Management with CredHub - Eoghan Kelleher

  • 1. © Copyright 2018 Pivotal Software, Inc. All rights Reserved. CredHub and Secure Credential Management Eoghan Kelleher, Senior Platform Architect ekelleher@pivotal.io @eoghan_kelleher
  • 3. Story of CredHub Configuring Credentials is Hard Tesla: Unsecured Kubernetes console gave hackers access to infra creds and mined bitcoin using hacked creds Oklahoma Securities Commission: Millions of files including FBI files and Social Security numbers exposed by public server with no password Leaking Credentials is Easy Uber: Code found on GitHub containing usernames and passwords Detecting Credential Leaks is Hard Equifax: Hackers roamed its systems undetected from mid-May through late July 2017
  • 4. Story of CredHub G enerate Encrypt R otate Audit Access Control Configuring Credentials is Hard Tesla: Unsecured Kubernetes console gave hackers access to infra creds and mined bitcoin using hacked creds Oklahoma Securities Commission: Millions of files including FBI files and Social Security numbers exposed by public server with no password Leaking Credentials is Easy Uber: Code found on GitHub containing usernames and passwords Detecting Credential Leaks is Hard Equifax: Hackers roamed its systems undetected from mid-May through late July 2017
  • 5. Pivotal Application Service Pivotal Container Service CredHub in PCF Concourse
  • 6. Java mapping to CredHub REST API Supports all credential types and operations Spring Boot auto-configuration support Apps deployed to CF with Java Buildpack automatically negotiate mutual TLS Spring CredHub
  • 9. Credential API Credential Types ● value - a simple string, used for configuration and other non-generated properties ● password - a simple string, used for generated secrets ● user - username and password pair ● json - a JSON object ● certificate - an object containing a root CA, certificate and private key ● rsa - an object containing an RSA public key and private key ● ssh - an object containing an SSH-formatted public key and private key https://credhub-api-cfapps.io Operations ● Get/Set/Generate/Delete Credential ● Get/Add/Delete Permission ● Interpolate (VCAP_SERVICES) Authentication ● Mutual TLS ● OAuth2 with UAA
  • 11. BOSH Benefits $ bosh -e pcf -d pcf manifest Simplified Deployment Manifests vs Relax Access to BOSH Director Enables Sharing of Deployment Manifests& $ bosh -e pcf -d pcf manifest vs
  • 13. CredHub & Concourse Simplified Pipeline Params files Enables Sharing of Concourse Pipelines
  • 14. CredHub and Service Broker Credentials Pivotal Application Service
  • 15. Service Broker Integration $ cf env app-name "VCAP_SERVICES": { "service-name": {{ "credentials": { "uri": "https://service-1.example.com", "username" : "VofTuQk2BH ", "password" : "fRqah7Wygi" }, "label": "service-label", "name": "my-service", "syslog_drain_url": "", "tags": [], "volume_mounts": [], }} } $ cf env app-name "VCAP_SERVICES": { "service-name": {{ "credentials": { "credhub_ref": "/c/[broker-id]/[instance-id]/[binding-id]/credentials" }, "label": "service-label", "name": "my-service", "syslog_drain_url": "", "tags": [], "volume_mounts": [], }} }
  • 16. Where Binding Credentials Live Cloud Controller database (encrypted) Cloud Controller REST API responses ● /v2/apps/:guid/env ● /v2/service_bindings/:guid Staged application droplets cf ssh Manual ssh Process Environment Application Memory
  • 17. >Demo
  • 18. Diego Cell Diego Cloud Foundry Resolution CredHub App cf push create env POST /interpolate VCAP_SERVICES Cloud Controller V##P_##### VCAP_SERVICESV##P_#####
  • 19. Credential Interpolation “VCAP_SERVICES”: { “my-service”: [{ “credentials”: { “credhub-ref”: “/c/my-broker/1111/2222/credentials” }, }] } “VCAP_SERVICES”: { “service-name”: [{ “credentials”: { “uri”: “https://service-6yQVNrhZVP.example.com”, “username”: “VofTuQk2BH”, “password”: “fRqah7Wygi” }, }] } POST /interpolate interpolated credentials CredHub
  • 21. Creating CredHub Service Broker Instances create service instance create service instance Cloud Controller CredHub Service Broker CredHub cf create-service credhub default dbcreds -c '{"username": "name", "password": "CREDHUB_SECRET"}'
  • 22. Securing User Provided Services - CredHub Service Broker Diego Cell Diego CredHub App POST /interpolate VCAP_SERVICES CredHub Broker V##P_##### cf create-service cred: dbpassword
  • 23. Sharing CredHub Service Instances cf share-service dbcreds DBA DBASpace DevSpace Diego Cell App cf update-service dbcreds cf bind-service myapp dbcreds Developer
  • 24. >Demo