Add secret management topic

pull/3186/head
Kamran Ahmed 2 years ago
parent 534fe54561
commit c7612ca700
1. content/roadmaps/102-devops/content-paths.json (5 lines changed)
2. content/roadmaps/102-devops/content/105-infrastructure-as-code/105-secret-management/100-vault.md (21 lines changed)
3. content/roadmaps/102-devops/content/105-infrastructure-as-code/105-secret-management/101-sops.md (15 lines changed)
4. content/roadmaps/102-devops/content/105-infrastructure-as-code/105-secret-management/102-sealed-secrets.md (17 lines changed)
5. content/roadmaps/102-devops/content/105-infrastructure-as-code/105-secret-management/103-cloud-specific-tools.md (14 lines changed)
6. content/roadmaps/102-devops/content/105-infrastructure-as-code/105-secret-management/readme.md (17 lines changed)
7. public/project/devops.json (5505 lines changed)

@ -17,6 +17,11 @@
"infrastructure-as-code:configuration-management:chef": "/roadmaps/102-devops/content/105-infrastructure-as-code/102-configuration-management/101-chef.md",
"infrastructure-as-code:configuration-management:puppet": "/roadmaps/102-devops/content/105-infrastructure-as-code/102-configuration-management/103-puppet.md",
"infrastructure-as-code:configuration-management:salt": "/roadmaps/102-devops/content/105-infrastructure-as-code/102-configuration-management/102-salt.md",
"infrastructure-as-code:secret-management": "/roadmaps/102-devops/content/105-infrastructure-as-code/105-secret-management/readme.md",
"infrastructure-as-code:secret-management:vault": "/roadmaps/102-devops/content/105-infrastructure-as-code/105-secret-management/100-vault.md",
"infrastructure-as-code:secret-management:sops": "/roadmaps/102-devops/content/105-infrastructure-as-code/105-secret-management/101-sops.md",
"infrastructure-as-code:secret-management:sealed-secrets": "/roadmaps/102-devops/content/105-infrastructure-as-code/105-secret-management/102-sealed-secrets.md",
"infrastructure-as-code:secret-management:cloud-specific-tools": "/roadmaps/102-devops/content/105-infrastructure-as-code/105-secret-management/103-cloud-specific-tools.md",
"infrastructure-as-code:kubernetes": "/roadmaps/102-devops/content/105-infrastructure-as-code/104-kubernetes.md",
"infrastructure-as-code:docker-swarm": "/roadmaps/102-devops/content/105-infrastructure-as-code/104-docker-swarm.md",
"infrastructure-as-code:nomad": "/roadmaps/102-devops/content/105-infrastructure-as-code/104-nomad.md",
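Review bot: the numeric prefix and the JSON position of the new node disagree. The five `secret-management` keys are inserted between `configuration-management` and `kubernetes`, but their directory is `105-secret-management` while the three nodes that follow (`104-kubernetes.md`, `104-docker-swarm.md`, `104-nomad.md`) all carry `104-`. If the prefix drives rendering order (the child files `100-vault.md` through `103-cloud-specific-tools.md` suggest it does), the node will land after the orchestration tools rather than where this JSON places it; pick one ordering and make the prefix and the key position agree. The count is consistent with the header (`@ -17,6 +17,11 @@`: five added keys, five added lines), and the parent key pointing at `.../105-secret-management/readme.md` with the children as sibling `.md` files matches the layout of the four new content files listed above.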

@ -0,0 +1,21 @@
# Vault
Vault is a tool for securely storing and managing secrets, such as passwords, API keys, and other sensitive information. It is developed and maintained by Hashicorp and is available as open-source software.
Vault is designed to be highly scalable and flexible, with a wide range of features for managing secrets, including:
* Encryption: Vault uses encryption algorithms and protocols, such as AES and RSA, to securely store secrets.
* Access controls: Vault supports role-based access controls and multi-factor authentication to ensure that only authorized users or systems can access secrets.
* Secret rotation: Vault supports automatic secret rotation, allowing secrets to be regularly rotated to reduce the risk of unauthorized access.
* Auditing: Vault provides auditing capabilities, allowing administrators to track and monitor access to secrets.
Vault is commonly used in DevOps environments to securely store and manage secrets, and it is often used in conjunction with other tools, such as Kubernetes and Helm, to automate the deployment and management of cloud-native applications.
<ResourceGroupTitle>Free Content</ResourceGroupTitle>
<BadgeLink colorScheme='blue' badgeText='Official Website' href='https://www.vaultproject.io/'>Vault - Official Website</BadgeLink>
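Review bot: the `* Encryption:` bullet is wrong in a way that matters for this page. Vault encrypts everything it writes to its storage backend with AES-256-GCM behind its storage barrier; RSA is not part of that path (Vault can manage RSA keys in the transit engine, but that is a feature, not how stored secrets are protected), so "such as AES and RSA" should become "AES-256-GCM, so the storage backend never sees plaintext". Two smaller points in the same list: `* Access controls:` describes path-based ACL policies attached to tokens and identities, which is what Vault actually has, so "policy-based" is more accurate than "role-based"; and login MFA was an Enterprise feature before Vault 1.10, so the MFA claim wants a version qualifier. The `* Secret rotation:` bullet also undersells what sets Vault apart from the other tools in this commit: dynamic secrets, where Vault generates short-lived database, cloud or PKI credentials on demand with a lease and TTL and revokes them when the lease expires, rather than rotating a long-lived value. A bullet on dynamic secrets and leases would give the reader the one concept the SOPS and Sealed Secrets pages cannot offer.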

@ -0,0 +1,15 @@
# SOPS
SOPS (Secrets OPerationS) is an open-source tool for securely storing and managing secrets, such as passwords, API keys, and other sensitive information. It is developed and maintained by Mozilla and is available as a command-line tool and as a library for integration into other applications.
SOPS is designed to be easy to use and highly secure, with a range of features for managing secrets, including:
* Encryption: SOPS uses encryption algorithms and protocols, such as AES and RSA, to securely store secrets.
* Access controls: SOPS supports role-based access controls and multi-factor authentication to ensure that only authorized users or systems can access secrets.
* Secret rotation: SOPS supports automatic secret rotation, allowing secrets to be regularly rotated to reduce the risk of unauthorized access.
* Auditing: SOPS provides auditing capabilities, allowing administrators to track and monitor access to secrets.
SOPS is commonly used in DevOps environments to securely store and manage secrets, and it is often used in conjunction with other tools, such as Kubernetes and Helm, to automate the deployment and management of cloud-native applications.
<ResourceGroupTitle>Free Content</ResourceGroupTitle>
<BadgeLink colorScheme='blue' badgeText='Official Website' href='https://github.com/mozilla/sops'>Mozilla SOPS - Official Website</BadgeLink>
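Review bot: the four feature bullets are the Vault list from the previous hunk with "Vault" replaced by "SOPS", and three of them do not describe SOPS. SOPS is not a store or a server; it is a CLI and editor wrapper that encrypts the values (not the keys) inside YAML, JSON, ENV and INI files, or a whole binary file, so the result can be committed to Git. It generates a per-file AES-256-GCM data key and wraps that key with one or more master keys held in AWS KMS, GCP KMS, Azure Key Vault, HashiCorp Vault's transit engine, PGP or age, and it adds a MAC over the values so tampering with the encrypted file is detected. So `* Access controls:`, `* Secret rotation:` and `* Auditing:` should say that these come from the key service, not from SOPS: who may decrypt is whoever can use the master key (an IAM policy on the KMS key, or possession of the PGP/age private key); the audit trail is the KMS access log; and rotation is `sops -r <file>`, which generates a new data key and re-encrypts, while rotating the secret value itself is still a manual edit. Worth stating the usual `.sops.yaml` creation-rules workflow in a sentence, since that is how teams actually use it. One caveat on the link: the project has since moved from `mozilla/sops` to the `getsops/sops` organisation under the CNCF, and the old URL redirects.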

@ -0,0 +1,17 @@
# Sealed Secrets
Sealed Secrets is a tool for securely storing and managing secrets in a Kubernetes environment. It is developed and maintained by Bitnami and is available as open-source software.
In a Sealed Secrets workflow, secrets are encrypted using a public key and stored as sealed secrets in a Git repository. The sealed secrets can then be deployed to a Kubernetes cluster, where they are decrypted using a private key and made available to the applications and infrastructure that need them.
Sealed Secrets is designed to be highly secure and easy to use, with a range of features for managing secrets, including:
* Encryption: Sealed Secrets uses encryption algorithms and protocols, such as RSA, to securely store secrets.
* Access controls: Sealed Secrets supports role-based access controls and multi-factor authentication to ensure that only authorized users or systems can access secrets.
* Secret rotation: Sealed Secrets supports automatic secret rotation, allowing secrets to be regularly rotated to reduce the risk of unauthorized access.
* Auditing: Sealed Secrets provides auditing capabilities, allowing administrators to track and monitor access to secrets.
Sealed Secrets is commonly used in Kubernetes environments to securely store and manage secrets, and it is often used in conjunction with other tools, such as Helm, to automate the deployment and management of cloud-native applications.
<ResourceGroupTitle>Free Content</ResourceGroupTitle>
<BadgeLink colorScheme='blue' badgeText='Official Website' href='https://github.com/bitnami-labs/sealed-secrets'>Sealed Secrets - Bitnami</BadgeLink>
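Review bot: the paragraph starting "In a Sealed Secrets workflow" is correct and should be what the bullet list builds on; as written, the `* Access controls:`, `* Secret rotation:` and `* Auditing:` bullets are again the Vault list and do not apply. Concretely: the tool is the `kubeseal` CLI plus an in-cluster controller; `kubeseal` fetches the controller's public certificate and turns a `Secret` into a `SealedSecret` custom resource, and the controller, the only holder of the private key, decrypts it into an ordinary `Secret`. The `* Encryption:` bullet should say the scheme is hybrid: a fresh AES-256-GCM session key per value, wrapped with the controller's RSA public key using OAEP, not just "such as RSA". Sealed Secrets has no access control, MFA or audit log of its own; what limits who can read a secret is Kubernetes RBAC on `Secret` and `SealedSecret` objects, plus the sealing scope (strict, namespace-wide or cluster-wide) that binds a sealed value to a name and namespace so it cannot be copied elsewhere. What the controller does rotate is its own sealing key pair (every 30 days by default, with old keys kept so existing objects still decrypt), and `kubeseal --re-encrypt` moves a sealed secret onto the current key; the secret value is not rotated. Finally, the decrypted `Secret` lives in etcd like any other, so etcd encryption at rest is still the reader's responsibility.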

@ -0,0 +1,14 @@
# Cloud Specific Tools
There are several cloud-specific tools for securely storing and managing secrets, such as:
* AWS Secrets Manager: AWS Secrets Manager is a service provided by Amazon Web Services (AWS) for securely storing and managing secrets. It provides features such as automatic secret rotation and integration with other AWS services.
* Google Cloud Secret Manager: Google Cloud Secret Manager is a service provided by Google Cloud for securely storing and managing secrets. It provides features such as automatic secret rotation and integration with other Google Cloud services.
* Azure Key Vault: Azure Key Vault is a service provided by Microsoft Azure for securely storing and managing secrets. It provides features such as automatic secret rotation and integration with other Azure services.
These cloud-specific tools are designed to be used in conjunction with cloud-based applications and infrastructure and are typically integrated with other cloud services, such as container orchestration platforms and continuous delivery pipelines.
<ResourceGroupTitle>Free Content</ResourceGroupTitle>
<BadgeLink colorScheme='blue' badgeText='Official Website' href='https://aws.amazon.com/secrets-manager/'>AWS Secrets Manager - Amazon Web Services</BadgeLink>
<BadgeLink colorScheme='blue' badgeText='Official Website' href='https://cloud.google.com/secret-manager'>Google Cloud Secret Manager - Google Cloud</BadgeLink>
<BadgeLink colorScheme='blue' badgeText='Official Website' href='https://azure.microsoft.com/en-us/services/key-vault/'>Azure Key Vault - Microsoft Azure</BadgeLink>
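Review bot: "automatic secret rotation" is asserted word for word for all three services, and it is accurate only for the first. AWS Secrets Manager rotates a secret by invoking a Lambda rotation function on a schedule. Google Cloud Secret Manager's rotation feature is a schedule that publishes a Pub/Sub message when a secret is due; producing and storing the new value is up to you. Azure Key Vault has automatic rotation policies for keys, but for secrets it offers only expiry dates and Event Grid near-expiry events, so rotating a secret needs an Azure Function or similar behind that event. Each bullet should describe its own rotation model; the Azure one should also say Key Vault holds keys and certificates (optionally HSM-backed) as well as secrets, since that is the main difference from the other two. One sentence that applies to all three and is missing from the closing paragraph: workloads should reach these services through an attached identity (instance profile, workload identity, managed identity) rather than a long-lived access key, otherwise the key that unlocks the secret store becomes the secret you failed to manage.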

@ -0,0 +1,17 @@
# Secret Management
Secret management is an important aspect of DevOps, as it involves securely storing and managing sensitive information, such as passwords, API keys, and other secrets, that are used by applications and infrastructure.
There are several ways to manage secrets in a cloud environment:
* Secret stores: A secret store is a specialized database or service that is designed to securely store and manage secrets. Examples of secret stores include Hashicorp Vault, AWS Secrets Manager, and Google Cloud Secret Manager.
* Encryption: Secrets can be encrypted using a variety of encryption algorithms and protocols, such as AES, RSA, and PGP. Encrypted secrets can be stored in a variety of locations, such as a file system, a database, or a cloud storage service.
* Access controls: Access to secrets should be restricted to only those users or systems that need them, using techniques such as role-based access controls, multi-factor authentication, and least privilege principles.
Effective secret management is essential for maintaining the security and integrity of a DevOps environment. It is important to regularly review and update secret management practices to ensure that secrets are being stored and managed securely.
<BadgeLink colorScheme='yellow' badgeText='Read' href='https://medium.com/@burshteyn/secrets-management-guide-approaches-open-source-tools-commercial-products-challenges-db560fd0584d'>Secrets management guide — approaches, open source tools, commercial products, challenges and questions</BadgeLink>
<BadgeLink colorScheme='yellow' badgeText='Read' href='https://medium.com/slalom-technology/secret-management-architectures-finding-the-balance-between-security-and-complexity-9e56f2078e54'>Secret Management Architectures: Finding the balance between security and complexity</BadgeLink>
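Review bot: the three bullets are introduced as alternative "ways to manage secrets", but `* Encryption:` and `* Access controls:` are properties every approach needs, not alternatives to `* Secret stores:`; the list also names PGP as an algorithm alongside AES and RSA, when it is a message format that uses them. A structure that matches the four child pages this commit adds would be: where secrets live (a server-backed store such as Vault or the cloud services, versus encrypted-in-Git with SOPS or Sealed Secrets, where the store is the KMS key or controller key that can decrypt), how they reach workloads (injected at runtime as files or environment variables, never baked into images or committed in plaintext), and how they are governed (least privilege, short-lived or dynamic credentials, rotation, and an audit trail). Two smaller points: the readme omits the `<ResourceGroupTitle>Free Content</ResourceGroupTitle>` heading that every child page in this commit uses above its links, and the two `Read` links are Medium posts, so a link to the OWASP Secrets Management Cheat Sheet would give the node a reference that does not depend on a paywall.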

File diff suppressed because it is too large (public/project/devops.json)