Your Secrets in Cloud-Based Key Management Services

Thursday, November 02, 2017 - 12:00 pm–12:30 pm

Dan O'Boyle, Stack Overflow


Do you encrypt secrets before committing them to a repository?

Are API keys and passwords stored in a local library any team member can decrypt?

Are you forced to re-encrypt all secrets anytime access has changed?

Stop doing those things! Cloud-based key management services (Google KMS, Azure Key Vault, Amazon KMS) provide encryption keys as a service. A KMS creates a centralized access control list. Using a KMS, you can centralize secrets, removing them from local libraries. Key rotation can be automated, often making a KMS more secure than local key management practices.

Dan O'Boyle, Stack Overflow

Dan works as an Internal Support Engineer on the IT team at Stack Overflow. He started his career as a high school teacher and transitioned into a System Administrator. He enjoys creative collaboration to solve solvable things, and using automation for everything else.

@conference {207219,
author = {Dan O{\textquoteright}Boyle},
title = {Your Secrets in {Cloud-Based} Key Management Services},
year = {2017},
address = {San Francisco, CA},
publisher = {USENIX Association},
month = oct
}
