Secrets Rotation at Scale: Zero Downtime, Zero Excuses

Secure by design. Security, DevSecOps

The program committee has not yet made a decision on this talk.

Target audience

The primary audience includes security engineers responsible for secrets management and rotation policies, DevOps engineers managing application credentials and deployment pipelines, database administrators managing database credentials and connection strings, platform and infrastructure engineers responsible for secrets vault systems like HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault, and network engineers managing credentials for network devices and infrastructure. Secondary audiences include SREs concerned with rotation-related incidents and reliability, compliance and governance teams enforcing credential rotation requirements, application developers whose apps need to handle credential rotation, and engineering managers coordinating rotation across multiple teams.

Abstract

Your security policy requires 90-day credential rotation. Your last rotation caused an outage. The application cached old credentials. The service account was used by three systems, none of them documented. The network appliance needed manual intervention. You rotated the secret. You broke production. Security policy met operational reality. Reality won.

Secrets rotation is a checkbox compliance exercise until it is not. Then it's an incident. The credential expired. The application didn't reload. The deployment pipeline failed at 2 AM because the service principal expired and nobody noticed. Your vault rotates secrets. Your applications don't know.

This crosses every boundary. DevOps owns application credentials. SecOps owns rotation policy. NetOps owns network device credentials. Database teams own connection strings. Each domain rotates independently. The dependencies between them are not mapped. Rotation in one domain breaks another.

This session covers building secrets rotation that doesn't cause incidents. We'll explore rotation architectures where applications detect and reload credentials automatically, dependency mapping for credentials spanning team boundaries, staged rotation strategies that validate before committing, network and infrastructure credentials beyond application secrets, rollback patterns when rotation breaks something anyway, and cross-functional coordination when credentials touch multiple domains.
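The staged rotation pattern the abstract lists (stage the new credential alongside the old one, validate it before committing, let consumers reload, then retire the old one, and roll back if validation fails) can be shown end to end in a small simulation. The code below is an added example written for this page, not material from the talk or from any vault product; `InMemoryVault`, `FakeDatabase` and `Client` are hypothetical stand-ins for a secrets store, a credential consumer that can hold two valid passwords for one user at once (as dual-credential features in real databases and cloud IAM do), and an application that caches its credential and re-reads the vault on an authentication failure.

```python
"""Staged secret rotation: stage -> validate -> commit -> overlap -> retire, with rollback.

Added example for this page. InMemoryVault, FakeDatabase and Client are constructed
stand-ins; no real vault or database is contacted.
"""
import secrets
from dataclasses import dataclass, field
from typing import Optional


class AuthError(Exception):
    pass


class FakeDatabase:
    """Stand-in for a DB that can hold up to two valid passwords per user during rotation."""

    def __init__(self, user, password, min_len=16):
        self.user = user
        self.valid = {password}
        self.min_len = min_len          # constructed policy: reject short passwords

    def add_password(self, password):
        if len(password) < self.min_len:
            raise ValueError("password violates policy")
        if len(self.valid) >= 2:
            raise RuntimeError("only two credentials may be active during rotation")
        self.valid.add(password)

    def drop_password(self, password):
        self.valid.discard(password)

    def authenticate(self, password):
        if password not in self.valid:
            raise AuthError("bad credential")
        return "session"


@dataclass
class InMemoryVault:
    current: str
    previous: Optional[str] = None   # kept during the overlap window
    version: int = 1
    audit: list = field(default_factory=list)


def rotate_staged(vault, db, new_password=None):
    """Stage the new credential, prove it works, then commit it to the vault.
    On any failure before commit, remove the half-staged credential so the old one
    stays the only one in use and the vault is untouched."""
    new_password = new_password or secrets.token_urlsafe(24)
    old = vault.current
    try:
        db.add_password(new_password)        # stage: old and new are both accepted
        db.authenticate(new_password)        # validate: an end-to-end login with the new one
    except Exception as exc:
        db.drop_password(new_password)       # rollback: nothing committed, nothing left behind
        vault.audit.append(f"rotation failed, rolled back: {exc}")
        raise
    vault.previous, vault.current = old, new_password   # commit: consumers can now reload
    vault.version += 1
    vault.audit.append(f"rotated to v{vault.version}; v{vault.version - 1} kept for overlap")
    return new_password


def retire_previous(vault, db):
    """Final step, run only after consumers have reloaded: revoke the old credential."""
    if vault.previous is not None:
        db.drop_password(vault.previous)
        vault.audit.append("previous credential revoked")
        vault.previous = None


class Client:
    """Caches the credential, as real applications do, and re-reads the vault once on failure."""

    def __init__(self, vault, db):
        self.vault, self.db = vault, db
        self.cached = vault.current
        self.reloads = 0

    def query(self):
        try:
            return self.db.authenticate(self.cached)
        except AuthError:
            self.cached = self.vault.current     # reload-on-failure, then retry exactly once
            self.reloads += 1
            return self.db.authenticate(self.cached)


def demo():
    """A successful rotation with a stale client, then a failed one that rolls back cleanly."""
    db = FakeDatabase("app", "initial-password-0123456789")
    vault = InMemoryVault(current="initial-password-0123456789")
    client = Client(vault, db)                    # cached the old credential before rotation
    rotate_staged(vault, db)
    ok_during_overlap = client.query() == "session" and client.reloads == 0
    retire_previous(vault, db)
    ok_after_retire = client.query() == "session" and client.reloads == 1
    try:
        rotate_staged(vault, db, new_password="short")   # violates the constructed policy
        rolled_back = False
    except ValueError:
        rolled_back = vault.current == client.cached and db.valid == {vault.current}
    return ok_during_overlap, ok_after_retire, rolled_back


if __name__ == "__main__":
    print(demo())
```

The overlap window is what makes rotation non-disruptive: the stale client keeps working after the commit because the old credential is still valid, and it only pays a single reload when the old one is finally retired. Retiring before consumers have reloaded is the outage described in the abstract, so in practice `retire_previous` is gated on a grace period or on telemetry showing no authentications with the previous version.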

Neeraj is the co-founder and CTO of Lyntcube, a real estate AI platform, and of Vivid Climate, a climate management and DMRV platform. Over the years he has worked on a variety of full-stack software and data-science applications, as well as computational arts; he enjoys the challenge of creating new tools and applications and is an active speaker, with talks and tutorials presented at multiple conferences.

Video

Other talks in this track

Secure by design. Security, DevSecOps

Smart Zero Trust in k8s
Александр Копылов

Independent researcher