Whether you're following your own infosec policy or trying to meet the requirements of GDPR, ANSI, PCI DSS, HIPAA, or NIST, you will want to answer the question "Are my secrets secure?" for your OpenStack cloud.
Barbican is the OpenStack service that allows operators and users to store secrets securely. It consists of an OpenStack API, which provides Keystone authentication, oslo policy and quotas, and the back-ends in which the secrets are actually stored.
But secrets are only as secure as the storage back-end that is deployed behind Barbican.
This talk will focus on the types of secure storage back-ends available, how they work, and the advantages and disadvantages of each back-end. We'll include discussion of HSMs, SGX and TPMs, and Vault.
The security of your secrets is important. This session will give you the information you need to confidently make decisions about secret storage for your cloud.