• Home

  • Schedule

  • Speakers

  • Registration

  • Call For Proposals

  • Our Sponsors

  • Financial Aid

  • FAQ

  • Blog

  • Contact Us

  •  

    Sponsors
    Screen Shot 2016-07-15 at 8.37.57 PM
    Screen Shot 2016-07-15 at 8.37.57 PM
    Bloomberg
    Bloomberg
    HERE_Logo_RGB (1)
    HERE_Logo_RGB (1)
    new-twitter-logo-150x150_edited
    new-twitter-logo-150x150_edited
    Yelp
    Yelp
    sentry
    sentry
    Google
    Google
    Google
    Twist Bioscience
    Twist Bioscience
    Screen Shot 2016-08-05 at 3.09.22 PM_edited
    Screen Shot 2016-08-05 at 3.09.22 PM_edited
    cloudera_logo
    cloudera_logo
    sauce-labs200x200
    sauce-labs200x200
    hired-logo
    hired-logo
    PSF
    PSF
    shippo
    shippo
    twilio
    twilio
    Minted
    Minted
    Paypal-logo-20141
    Paypal-logo-20141
    anaconda-logo
    anaconda-logo
    microsoft-logo
    microsoft-logo
    eventbrite
    eventbrite
    Show More
    PyBay Connect
    • Meetup_square
    • White Twitter Icon

    Subscribe to PyBay Updates

    TOP

    Noah Kantrowitz

    Bio

    Noah Kantrowitz is a web developer turned infrastructure automation enthusiast, and all around engineering rabble-rouser. By day he builds tools and teaches, and by night he works with the Python Software Foundation infrastructure team. He is an active member of the Chef community, and enjoys merge commits, cat pictures, and beards.

    Aug 20 1:00p - 1:40p, Robertson
    Behind Closed Doors: Managing Passwords in a Dangerous World

    Security, Intermediate

    ​

    Description 

    A modern application has a lot of passwords and keys floating around. Encryption keys, database passwords, and API credentials; often typed in to text files and forgotten. Fortunately a new wave of tools are emerging to help manage, update, and audit these secrets. Come learn how to avoid being the next TechCrunch headline.

    ​

    Abstract

    Secrets come in many forms, passwords, keys, tokens. All crucial for the operation of an application, but each dangerous in its own way. In the past, many of us have pasted those secrets in to a text file and moved on, but in a world of config automation and ephemeral microservices these patterns are leaving our data at greater risk than ever before.

    ​

    New tools, products, and libraries are being released all the time to try to cope with this massive rise in threats, both new and old-but-ignored. This talk will cover the major types of secrets in a normal web application, how to model their security properties, what tools are best for each situation, and how to use them with major Python frameworks.

    ​

    • Meetup_square
    • Black Facebook Icon
    • Black Twitter Icon