Event Details

Please note: All times listed below are in Central Time Zone


Are Your Secrets Secure?

Whether you're following your own infosec policy or trying to meet the requirements of GDPR, ANSI, PCI DSS, HIPAA, or NIST, you will want to answer the question "Are my secrets secure?" for your OpenStack cloud.

Barbican is the OpenStack service that allows operators and users to store secrets securely. It consists of an OpenStack API that provides Keystone authentication, oslo policy and quotas, and the back-ends in which the secrets are actually stored.

But secrets are only as secure as the storage back-end that is deployed behind Barbican.

This talk will focus on the types of secure storage back-ends available, how they work, and the advantages and disadvantages of each back-end. We'll include discussion of HSMs, SGX and TPMs, and Vault.

The security of your secrets is important.  This session will give you the information you need to confidently make decisions about secret storage for your cloud.



Tuesday, November 5, 2:30pm-3:10pm (6:30am - 7:10am UTC)
Difficulty Level: Intermediate
Cisco Systems
Dave McCowan leads security initiatives for the Private Cloud Engineering Team at Cisco. He has been an OpenStack contributor for 6 years. He is a former PTL for the Barbican project where he continues as a core reviewer. He's an enthusiast of security of all kinds and holds a CISSP.
Senior Software Engineer
Douglas is the current PTL for the Key Management (Barbican) project. Before being involved in OpenStack, Douglas was a software development consultant specializing in secure development of mobile and web applications.
Red Hat
Ade works for Red Hat, and has been involved in various security and OpenStack projects (Dogtag, FreeIPA, Barbican, TripleO) for several years. He is a former Barbican PTL. Most recently, he's been working on FIPS compliance in OpenStack.