March 8-10, 2017
Montreal, Canada

Sharing secrets in a containerized world

Apps and services depend on secrets like tokens or passwords for authentication. But neither env vars nor files provide a secure, flexible and PCI-compliant transport mechanism for cloud and containers. With Custodia we developed an HTTP- and JSON-based protocol and reference implementation for authentication, routing and auditing of secrets. It combines Unix sockets and sVirt with JOSE and PKI to request secrets from a store or 3rd party vault.

Christian Heimes

Red Hat

Christian is a long-time Python developer from Hamburg, Germany. In the past he has contributed to several Open Source projects such as the CPython interpreter. In recent years he has helped to keep Python secure, for example as a member of the Python security response team, through work on secure hashing (PEP 456) and through improvements to Python's TLS/SSL module. Nowadays he is employed by Red Hat and works on OpenShift container security, FreeIPA identity management and Dogtag public key infrastructure.
