How to automate AWS access key rotation

Spoiler alert: this article covers automating the rotation of AWS access keys and the best practices to apply, based on a key lifetime defined in advance. Access Keys Rotation. As I contemplated the advanced age of the keys at a client (see below), these three words kept looping in my head co...


Securing Your Terraform Deployment On AWS Via Gitlab-Ci And Vault – Part 2

As we saw in the previous article, it is difficult to authenticate a pipeline, or even a Gitlab-CI job, so that it can access our secrets securely and with least privilege. HashiCorp Vault allows us to address this need in a uniform and cloud-agnostic way. Let's look at our workflow again, this time adding Vault: Initially, Vault allo...


Towards a CI/CD world without credentials

Did you know about the largest account database leak? More than 12 million account credentials have been leaked. Besides that, in our traditional CI/CD platforms, we store credentials for cloud deployments (access key/secret key, service account, login/password) somewhere so that they end up available as an environment variable. B...
