Transparent Authentication of Outbound Connections with Secretless

Geri Jennings from CyberArk will present on Secretless:

There has been a lot of work done in the Kubernetes community recently to integrate tools and standards like SPIFFE and Istio that make it easier for microservices to communicate securely. In practice, however, there is still developer work to be done to connect Kubernetes-deployed apps to protected services that require authentication. Often this means writing code to:

• Authenticate and fetch secrets from a vault
• Prevent secrets from being written to logs
• Keep credentials secure in caches or on disk
• Respond to rotating and dynamic secrets

What if instead you could connect to authenticated services using a sidecar container that would take care of all this for you? In this session I will talk about a new open source project, Secretless Broker, and show how it:

• Lets your code connect securely to target services without credentials
• Includes built-in support for the most popular secrets vaults and is easily extensible
• Enables you to evolve the secrets vault that you use, over time and across environments, without changing any code
• Transparently responds to rotating and changing secrets