CredHub and Secure Credential Management - Peter Blum, Scott Frederick

December 9, 2017

From the platform all the way down to the microservices which run upon it, secrets are everywhere and leaking them can be a costly experience. Understanding security best practices, such as encrypting secrets while in transit; encrypting secrets at rest; rotating secrets regularly; preventing secrets from unintentionally leaking when consumed by the final application; and strictly adhering to the principle of least-privilege, where an application only has access to the secrets that it needs—no more, no less.....can be daunting. A new Cloud Foundry Foundation project, CredHub, was designed for these reasons. This session will take a fresh look at how to enhance security within Cloud Foundry and applications through secret management by utilizing CredHub in conjunction with Spring Cloud Services. Slides: TBA Peter Blum, Platform Architect, Pivotal Scott Frederick, Senior Software Engineer, Pivotal Filmed at SpringOne Platform 2017

Introduction to CDD and Security Centric System Design - Dmitry Didovicher, Crunchy Data

In security centric environments, such as Federal and State Government or large enterprises, even the most ...

Pivotal Cloud Foundry and Cloud-Native Security

A look at what Cloud-Native Security means to Pivotal as well as how the Pivotal Cloud Foundry suite delive...

CredHub and Secure Credential Management - Peter Blum, Scott Frederick

Previous

Next

CredHub and Secure Credential Management - Peter Blum, Scott Frederick

Previous

Next

Related content in this Stream

Perimeter security isn't sufficient for today's cloud native environments and applications. An integrated and continuous approach is required. VMware's Tanzu and Aria products enable this approach.

Your mission is to secure the vast tracts of land of the cloud native security landscape. Where do you even start?!? It would be preposterous to cover that whole topic in a single session, but we can

We talk about getting PCI compliance into Kubernetes, and other security think in the cloud native world. Securing Tanzu Application Service and Tanzu Application Platform. David Zendzian talks...

We talk about getting PCI compliance into Kubernetes, and other security think in the cloud native world. Securing Tanzu Application Service and Tanzu Application Platform. David Zendzian talks with C

Supply chain attacks are more prevalent than ever. Here are the cloud native security topics experts were focused on at CloudNativeSecurityCon 2023.

Watch a customer panel on cloud native security with Jenny Zhang (Mastercard), Thomas Fredell (Merill Corp.), Kurt Glore (Express Scripts), and Thomas Squeo (West Corp.). Moderated by Justin Smith, Ch

Banks of all sizes are modernizing how they do IT and software development. This blog series explores how banks use Pivotal Cloud Foundry to secure backing services for apps.

The CredHub Service Broker is now a beta. It's a service broker that helps developers secure off-platform service credentials. We examine the tile from the enterprise architect perspective.

Pivotal released the CredHub Service Broker as a beta. It's a service broker that helps developers secure off-platform service credentials with CredHub. Read about the new tile here.

Ensuring Platform Security with Windows Bosh Add-ons and Runtime-Config at Boeing - James Coppock & Sheryl Maris, Boeing We did it! InfoSec said “Not a chance you’re deploying Ubuntu and Windows on P

Banks of all sizes are modernizing how they do IT and software development. This blog series explores how banks use Pivotal Cloud Foundry to secure their cloud-native applications.

PCF 2.1 introduces a new capability that enables multiple development teams working on separate microservices to access the same backing services while maintaining robust security and access controls.

Container registries add important security features to Kubernetes. This post details how Harbor, part of Pivotal Container Service, helps secure Docker images in PKS deployments.

How Synchrony Financial adopted Pivotal Cloud Foundry and reshaped how they approach product security.Synchrony Financial isn’t a new kid on the block. The company, which specializes in private...

Pivotal recently published several new whitepapers: The Auditor's Guide to PCF, Security & Compliance for PCF, and Chargebacks & Showbacks in PCF. This post review the highlights of each paper.

Steeltoe is a toolkit to help .NET developers build apps for Cloud Foundry using established microservices patterns. This post reviews important updates & new features in the project's v2.0 release.