Secret Management

ISDA - 3/16 - Minimum

Experiences
- Cloud Architect (2018+)
- OOBOX Group (2017+)
- ISDA (2016+)
- DevOps Engineer / SRE (2015+)
- Software Engineer (2011+)
Abilities
- Python
- Container
- Cloud Services
- CI / CD / CM

Who Am I?

Linux 動手玩

[GCP] Create Instance

f1-micro

How to clear?

Case 1

Clear Bash History

history -c

rm ~/.bash_history

HISTSIZE=0

cat /dev/null > ~/.bash_history

In memory

In file

  echo hello world

whitespace in front of echo

Case 2

echo?

Bash Config

Value	Description
ignorespace	command 前有空白，不記錄
ignoredups	連續重複指令，不記錄
ignoreboth	同時套用上面兩種情況

HISTCONTROL=ignoreboth

Case 3

more process? more detail?

ps a

ps ax

what are environment variables?

sudo ls -al /proc/<PID>

sudo cat /proc/<PID>/environ

sudo cat /proc/<PID>/mounts

Before

Key Management Service (KMS)

GCP Cloud KMS

Create Custom-managed KMS

GCP Cloud Storage

Create Bucket

Create Bucket

Upload File

Create Service Account

Open Cloud Shell

Upload JSON Key

Generate Signed URL

sudo pip install pyopenssl

Generate Signed URL

gsutil signurl -d 10m \
    finance-198811-b1419a857c2d.json \
    gs://minimum-demo/大頭圖.jpg

Public File

Remove Resource

Bucket
Service Account
KMS (only destroy)

Reference

Using Cloud KMS with other products

AWS KMS

Create Custom-managed KMS

AWS S3

Create Bucket

Upload File

Check Permission

Presigned URL

awscli s3 presign

Public File

Remove Resource

Bucket
KMS

Reference

AWS Services Integrated with KMS

Secret Manager

Jenkins Credentials

Secret File

!!! Not to print secrets in console or log !!!

Username & Password

!!! Not to print secrets in console or log !!!

Plugins

Reference

Credentials storage in Jenkins

Vault by Hashicorp

source from 透過 Vault 定期 rotate credentials

Secret Management

Experiences

Abilities

Who Am I?

Linux 動手玩

[GCP] Create Instance

[GCP] Create Instance

Case 1

Clear Bash History

Case 2

Bash Config

Case 3

ps a

ps ax

sudo ls -al /proc/<PID>

sudo cat /proc/<PID>/environ

sudo cat /proc/<PID>/mounts

Before

Key Management Service (KMS)

GCP Cloud KMS

Create Custom-managed KMS

Create Custom-managed KMS

Create Custom-managed KMS

Create Custom-managed KMS

Create Custom-managed KMS

GCP Cloud Storage

Create Bucket

Create Bucket

Create Bucket

Create Bucket

Upload File

Create Service Account

Create Service Account

Create Service Account

Create Service Account

Create Service Account

Create Service Account

Create Service Account

Open Cloud Shell

Upload JSON Key

Generate Signed URL

Generate Signed URL

Public File

Public File

Public File

Remove Resource

Reference

AWS KMS

Create Custom-managed KMS

Create Custom-managed KMS

Create Custom-managed KMS

AWS S3

Create Bucket

Create Bucket

Create Bucket

Upload File

Upload File

Upload File

Check Permission

Check Permission

Check Permission

Presigned URL

Public File

Public File

Public File

Public File

Remove Resource

Reference

Secret Manager

Secret Manager

Secret Manager

Secret Manager

Jenkins Credentials

Secret File

Secret File

Secret File

Secret File

Secret File

Secret File

Secret File