จุ๊ๆๆ ความลับ

Goodbye {{ .env }}

*** ก๊อปมาจาก slide powerpoint ซักที่

What is it that we are trying to solve : Back in the old days

What is it that we are trying to solve : Today

The problems with .env files : Reliability ? Security ?

• Using .env files allowed us to move secrets out of source code
• Sharing unencrypted secrets risks breaking the principle of least privilege by exposing secrets to potentially unauthorized users.
• Making updating and rolling credentials tedious and repetitive.
• Local development environments break whenever team members forget to share updates that need to be applied to their .env files, e.g. when a feature branch is merged that requires a new secret.

Secret manager solutions

Common requirements

1. Passwords have to be encrypted at rest (not the REST API rest).
2. Allow you to attach them at scale.
3. Access to secrets is restricted.
4. Support for changing secrets or secret rotation.

Example with Infusical