Episode 4. Secure Coding — Software Security tools used for Sensitive data in 2022

What is a secret manager?

1. Google Secret Manager:

// config/secret_manager.js
const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
const client = new SecretManagerServiceClient();

// `name` is the full resource name: projects/*/secrets/*/versions/*
// The payload is assumed to hold a JSON document.
async function getSecret(name) {
  const [version] = await client.accessSecretVersion({ name });
  const secretValue = JSON.parse(version.payload.data.toString());
  return secretValue;
}

module.exports = getSecret;

2. AWS Secrets Manager:

  • Encrypts secrets at rest using encryption keys.
  • Decrypts the secret on retrieval and transmits it securely over TLS.
  • Provides code samples that help to call Secrets Manager APIs
  • It has client-side caching libraries to improve the availability and reduce the latency of using your secrets.
  • Configure Amazon VPC (Virtual Private Cloud) endpoints to keep traffic within the AWS network.
  • You can learn more about AWS here.
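
The client-side caching point above can be sketched as follows. This is an added example, not code from the original article and not the AWS caching libraries themselves; `createSecretCache`, `ttlMs`, `now` and `invalidate` are hypothetical names, and `fetchSecret` stands for any async lookup such as the `getSecret(name)` function shown earlier.

```javascript
// Added example: a TTL cache in front of a secret lookup.
// Trade-off: a longer TTL means fewer API calls but a longer window in which
// a rotated secret is still served from memory.
function createSecretCache(fetchSecret, { ttlMs = 5 * 60 * 1000, now = Date.now } = {}) {
  const entries = new Map();  // name -> { value, expiresAt }
  const inFlight = new Map(); // name -> Promise, so concurrent callers share one fetch

  async function get(name) {
    const hit = entries.get(name);
    if (hit && hit.expiresAt > now()) return hit.value;
    if (inFlight.has(name)) return inFlight.get(name);

    const pending = Promise.resolve()
      .then(() => fetchSecret(name))
      .then((value) => {
        // Only successful lookups are cached; errors are never stored.
        entries.set(name, { value, expiresAt: now() + ttlMs });
        return value;
      })
      .finally(() => inFlight.delete(name));
    inFlight.set(name, pending);
    return pending;
  }

  // Call this when a credential is rejected, so the next get() re-fetches
  // instead of serving the stale value until the TTL runs out.
  function invalidate(name) {
    entries.delete(name);
  }

  return { get, invalidate };
}

// Constructed demo: an in-memory "secret store" whose value is rotated.
async function demo() {
  let stored = 'password-v1'; // constructed sample value
  let calls = 0;
  const cache = createSecretCache(async () => { calls += 1; return stored; }, { ttlMs: 60000 });

  const first = await cache.get('db-password');
  stored = 'password-v2';                            // rotation happens upstream
  const cached = await cache.get('db-password');     // still the old value
  cache.invalidate('db-password');                   // e.g. after an auth failure
  const refreshed = await cache.get('db-password');
  return { first, cached, refreshed, calls };
}

demo().then((result) => console.log(result));
```

The cached value lives in process memory in plaintext, so the TTL should be no longer than the rotation delay the service can tolerate.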

3. Azure Key Vault:

4. Docker secrets:

5. Doppler:

6. Vault:

7. Akeyless Vault:

  • Globally available, SaaS-based platform that offers built-in high availability (HA) and disaster recovery (DR) by leveraging cloud-native architecture on top of a multi-region and multi-cloud service.
  • Advanced secrets management provides a secure vault for static & dynamic secrets such as passwords, credentials, API keys, tokens, etc.
  • Akeyless Vault enables provisioning and injection of all types of secrets to all your servers, applications, and workloads, providing a wide variety of plugins that allow you to connect to all your DevOps and IT Platforms such as CI/CD, configuration management, and orchestration tools such as Kubernetes & Docker.
  • SaaS — no deployment, installation, or maintenance necessary
  • Instant onboarding with automatic migration of secrets from known existing secrets repositories
  • Zero-Trust Application Access (AKA Remote Access) by providing unified authentication and just-in-time access credentials, allowing you to secure the perimeter-less applications and infrastructure.
  • Encryption-as-a-Service, to allow customers to protect sensitive personal & business data by applying advanced FIPS 140-2 certified app-level encryption.

8. Confidant:

  • KMS Authentication
  • At-rest encryption of versioned secrets
  • A user-friendly web interface for managing secrets
  • Generate tokens that can be applied for service-to-service authentication or to pass encrypted messages between services.

9. Knox:

10. Strongbox:

Video:

Closing Thoughts:
