Secrets Management

Cybersecurity today isn't just a concern for big, rich companies. Hackers now commonly use automated scanning tools that find common and new vulnerabilities in pretty much anything connected to the internet. This means that even if your company is small or new, you're at risk of being attacked. If you want to avoid being hacked, or at least decrease the chances, you need to understand the basics.

Secrets management is one of the most fundamental concepts in cybersecurity. If an attacker gets your username and password, they don't need to hack anything; they can simply log in. For that reason, buying expensive network firewalls and security tools won't automatically make you secure. Making sure your secrets are actually secret is not as easy as it may seem. In this course, you'll learn how proper secrets management should look, what the common pitfalls are, and how to deal with secrets in your organization. 

1 day/8 hours of instruction
Public Classroom Pricing


GSA Price: $585

Group Rate: $595

Private Group Pricing

Have a group of 5 or more students? Request special pricing for private group training today.

Part 1: Introduction

  • What Is a Secret in a Modern Environment? 
    • Secrets aren't just usernames and passwords
    • Some secrets are more important than others
    • Secrets in the past versus secrets now
    • The cost of poor secrets management
  • What Actually Is Secrets Management? 
    • What does it mean to manage secrets?
    • Making secrets safe
    • Creating secrets
    • Distributing secrets
    • Rolling secrets
    • Revoking secrets
  • Different Types of Secrets 
    • Usernames and passwords
    • Tokens
    • API/SSH keys
    • Certificates
    • Encryption keys
    • Cloud-specific secrets
    • Proprietary secrets
    • RSA/MFA tokens
    • Secrets that are not secrets
    • Exercise: Try to find all the different types of secrets used in your organization.

Part 2: Secrets in Theory

  • The Sins of Secrets Management 
    • Hardcoding secrets
    • Lack of visibility
    • "Keys to the kingdom" secrets
  • Ideal World 
    • DevSecOps
    • Auto-generated secrets
    • Secret vaults
    • Short-lived credentials
    • Exercise: Define your secrets management sweet spot—find features that are must-haves for you and that can be skipped at the beginning.
  • Different Secrets for Different Environments 
    • Managing secrets in the cloud
    • Managing secrets on-premises
    • Managing secrets in CI/CD pipelines

Part 3: How to Start With Secrets Management

  • The Assessment 
    • Find all the secrets you have
    • List all the current secrets management processes
    • Find blind spots and bad practices
    • List all different operating systems and environments you want to manage
  • Starting Point 
    • Defining new secrets management infrastructure
    • Secrets access monitoring
    • Role-based access control
    • Exercise: Outline your ideal secrets management infrastructure.

Part 4: Secrets for Developers

  • What Developers Need to Know About Secrets 
    • Remove secrets from code whenever possible
    • Common library approach
    • Dedicated secrets management libraries
    • Automatic secrets generation on the fly
    • Use platform-specific credential management when available
    • Managing secrets for a monolith versus microservices
  • Pros and Cons of Different Ways of Consuming Secrets 
    • Secrets from environment variables
    • Secrets from file
    • Injecting secrets from a CI/CD pipeline
    • Secrets vault
    • Exercise: Loading secrets from an environment variable in Python.
    • Exercise: Loading secrets from a file in Go.
  • Using Vault 
    • What is a secrets vault and how do you use it in your application?
    • Why you should try to use a vault whenever possible
    • Exercise: How to use Google Vault API with Python.
    • Exercise: How to use HashiCorp Vault with Go.
    • Exercise: How to use Azure Key Vault with JavaScript.

Part 5: Secrets for Platform Engineers

  • What Platform Engineers Need to Know About Secrets 
    • Different types of secrets that platform engineers will have to take care of
    • Application-related secrets
    • Platform-related secrets
    • Access to Secrets Vault and CI/CD systems
  • CI/CD as a Secret Store 
    • Is storing secrets in your CI/CD system a good idea?
    • Inject secrets to deployment from a CI/CD pipeline
    • Exercise: Add and use secrets in GitLab.
    • Exercise: How to create encrypted secrets for a GitHub repository.
    • Exercise: Consuming encrypted GitHub secrets with Bash.
    • Exercise: Validating access control for secrets in GitHub.
  • Implementing Vault 
    • Managed versus self-built vault
    • Challenges of implementing vault in your organization
    • Exercise: How to create Azure Key Vault.
    • Exercise: How to install HashiCorp Vault in your own environment.

Part 6: Secrets Management for Kubernetes

  • What's So Special About Secrets Management for Kubernetes? 
    • How do secrets work in Kubernetes?
    • The challenges of Kubernetes ownership in an organization
    • Kubernetes secrets are not actually so secret
    • How to solve Kubernetes secret challenges
  • External Secrets Operator 
    • What is ESO and how does it work?
    • How to use ESO
    • Exercise: Install ESO on your Kubernetes cluster.
    • Exercise: Create SecretStore for ESO.
    • Exercise: Create your first ExternalSecret using ESO.
  • Sealed Secrets 
    • What are Sealed Secrets for in Kubernetes?
    • The differences between ESO and Sealed Secrets
    • Secret rotation versus key renewal
    • Exercise: Install Sealed Secrets on Kubernetes.
    • Exercise: Seal your first secret.
  • Kubernetes Secrets Store CSI Driver 
    • What is Secrets Store CSI for Kubernetes and how does it work?
    • The differences between Secrets Store CSI and previous solutions
    • Exercise: Install Secrets Store CSI Driver on your Kubernetes cluster.
    • Exercise: Create SecretProviderClass for CSI Driver.
    • Exercise: Adjust your Kubernetes deployment to use CSI Driver.
  • HashiCorp Vault for Kubernetes 
    • What is HashiCorp Vault?
    • Different ways of using HashiCorp Vault with Kubernetes
    • What is Vault Agent Sidecar Injector?
    • Exercise: Install HashiCorp Vault on a Kubernetes cluster.
    • Exercise: Install Vault Agent Sidecar Injector.
    • Exercise: Inject secrets to Kubernetes deployments with HashiCorp Vault.

This course would be beneficial for anyone looking to understand cybersecurity in their organization.

Some job titles that would benefit from this training include:

  • IT Managers, Directors & Staff
  • Development Leads
  • Security Managers
  • System Administrators
  • Network Designers
  • Help Desk Professionals
  • Security Administrators
  • Any Security Staff
  • Business Analysts
  • Business Systems Analysts
  • Project Managers
  • Systems Architects/Designers
  • Systems or Application Developers
  • Systems Analysts or Testers
  • Managers & Team Leaders

  • What secrets management means
  • Theory of secrets
  • How to effectively manage secrets in your organization

Secrets Management Schedule

There are currently no scheduled classes for this course. Please contact us if you would like more information or to schedule this course for you or your company.