Brussels / 1 & 2 February 2020

schedule

Protecting plaintext secrets in configuration files


Applications and services rely on configuration data in order to be customized and we will talk about how to keep them in a safer place other than plaintext configuration files.

The configparser module is Python's standard configuration file parser and many projects rely on it to achieve easy configuration with plaintext files. OpenStack Common Libraries (Oslo) has an alternative called oslo.config with additional sources of input like command line arguments or environment variables. With the addition of a feature called source drivers last year, we are now able to increase the security of configuration values storing them in a safer place.

This talk focuses on the new source driver that integrates Oslo.Config and Castellan, another Olso module specialized in talking to secret managers, and how we can store our sensitive configuration data using HashiCorp Vault.

Speakers

Photo of Moisés Guimarães Moisés Guimarães

Links