Shikha Chawla and Scott Webster, Adobe
The need to properly manage secrets is an essential part of the software development lifecycle. It can also be a tedious and time-consuming, not to mention error-prone, effort. Having a strong, enforced policy on secret rotation is essential. But it can also be complicated. First, you need to determine where all of your secrets are used, then you need to generate new ones, document this happened and why, put new secrets wherever they are supposed to be used, and also document the entire process in the end — preferably without breaking everything.
You are likely wondering with all of this complication if it is even possible to come up with a way to properly manage secrets, especially in diverse, multi-cloud environments. The key is to look at this as a coding problem with a coding solution. Join Shikha Chawla, lead architect for Adobe I/O, and Scott Webster, cloud engineer, for insight into best practices for implementing an automated approach to secrets management. They will discuss what we have learned here at Adobe that works best for our application development and security teams that we hope will provide solid guidance you can use to implement your own automation program for secrets management.