Handling secrets in cloud-based applications - Steve Roberts - NDC Sydney 2020

Modern applications can have many secrets - certificates, API access keys and tokens, database passwords, and more. Storing this data alongside, or even in the application code, can be insecure, and be problematic to rotate without rebuilding and redeploying the entire application. What better options exist? In this session we will examine and demonstrate options for storing, deploying, and retrieving application secrets at runtime for applications that have been deployed to the AWS cloud.