| title | type | source-type | category | tags | date-added | video-source | audio-source | status |
|---|---|---|---|---|---|---|---|---|
| CTP Topic 37 Secrets Certificates Management | cloud-learning | video | DevOps & SRE/07_Security | | 2026-04-14 | nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 37_ Secrets _ Certificates Management.mp4 | | summarized (Gemini summary) |
CTP Topic 37 Secrets Certificates Management
Source: NAS /volume2/work/Public Cloud Learning Sessions/CTP _ Topic 37_ Secrets _ Certificates Management.mp4
Type: VIDEO | Category: 07_Security
Status: 🟡 Awaiting Whisper transcription → Summary
Summary
Secrets Management
This session covers secrets management, including the tools and methods for managing digital authentication credentials, secrets, passwords, keys, APIs, and tokens for application services, privileged accounts, and other sensitive parts of the IT ecosystem. The cloud transformation program requires standardization of secrets management as workloads move to the public cloud. In March 2022, CCLE was assigned to explore Micro Focus use cases and evaluate potential secrets management solutions.
The evaluation included AWS Secrets Manager, HashiCorp Vault, and Micro Focus PAM by CyberArk. AWS Secrets Manager is a managed service with built-in integration for AWS RDS, Redshift, and DynamoDB, supporting high availability and DR, with costs based on usage. HashiCorp Vault (Enterprise version) is self-hosted, cloud vendor agnostic, and supports on-demand dynamic secrets and embedded signing of certificates, with costs based on the number of users. Micro Focus PAM was found to require significant investment to be competitive and was not pursued due to a lack of investment plans.
We started a pilot with AWS Secrets Manager, which lasted 30 days. The pilot phase included HashiCorp Vault and AWS Secrets Manager. The HashiCorp Vault pilot used the freeware version and found it lacking in enterprise capabilities like high availability and multi-tenancy. The AWS Secrets Manager pilot validated out-of-the-box features and identified missing features such as SSH key rotation and user integration password rotation. AWS Secrets Manager is easy and simple to implement.
AWS Secrets Manager was chosen as the secrets management solution for Micro Focus. The implementation phase involves removing clear text passwords and keys from CI/CD processes, starting with Control Tower. The process includes centralizing secrets in Secrets Manager, cleaning repositories, and automating secret retrieval. AWS manages secrets at the account level, which can reduce costs and increase security.
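The three implementation steps above (centralize, clean, automate retrieval) as an added sketch, not code from the session. The `secretsmanager:` reference prefix, the `ci/pipeline` naming scheme, the key-name pattern, and the sample file are assumptions; `client` is expected to be `boto3.client("secretsmanager")`, whose `create_secret` and `get_secret_value` calls are used.

```python
import re

# Constructed sample of a CI variables file holding cleartext credentials.
SAMPLE_CI_ENV = """\
DB_HOST=db.example.internal
DB_PASSWORD=Sup3rS3cret!
API_TOKEN=tok_live_constructed_value
BUILD_NUMBER=42
"""

# Assumed heuristic: variable names that usually hold credentials.
SENSITIVE_KEY = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)", re.I)
REF_PREFIX = "secretsmanager:"  # hypothetical reference convention for this example


def clean_env(text, secret_prefix):
    """Replace cleartext values with references; return (cleaned_text, to_store)."""
    out, to_store = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        # Skip lines already converted so the cleaner is safe to re-run.
        if sep and SENSITIVE_KEY.search(key) and not value.startswith(REF_PREFIX):
            secret_id = f"{secret_prefix}/{key.lower()}"
            to_store[secret_id] = value
            line = f"{key}={REF_PREFIX}{secret_id}"
        out.append(line)
    return "\n".join(out) + "\n", to_store


def centralize(to_store, client):
    """Store each extracted value in Secrets Manager under its new name."""
    for secret_id, value in to_store.items():
        client.create_secret(Name=secret_id, SecretString=value)


def resolve_env(text, client):
    """At job runtime, swap references for values fetched from Secrets Manager."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if value.startswith(REF_PREFIX):
            resp = client.get_secret_value(SecretId=value[len(REF_PREFIX):])
            if "SecretString" not in resp:  # binary secrets carry SecretBinary instead
                raise ValueError(f"{key}: secret is binary, expected a string")
            value = resp["SecretString"]
        env[key] = value
    return env
```

Any value that was ever committed should also be rotated, because cleaning the file does not remove it from repository history.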
Key Concepts
Action Items
Related Videos
Paired video note link (to be filled in after generation)
Last updated: 2026-04-14