I'm still confused. How does this "request" process to the secret manager happens? In my understanding, the secret manager will only approve the "request" if the requestor can somehow prove that he/she is who he/she claims to be. But, isn't that means we are still dealing with user credentials here? So what does the secret manager really achieve? Is it just adding a centralized layer so that we can easily "revoke" a permission from a particular user to particular service?
The title of the video is somewhat confusing. It mostly goes over the usages of secret management and doesnt even scratch the surface of HOW this is implemented (i.e. HSM). I'd love to see more of latter.
That just kicks the ball down the street one level of indirection. It’s better and you can using the centralized mechanism fix a breach but the client still is the weak link. Thx for the videos. They are all interesting.
I need to login via single sign on Application. Prompts network credentials on this single sign on Page. What if I create synthetic ID(user/pwd)? Store them in Secret Mgr. I still would need user and password to login to SSO App for Automated Testing . Only difference is I now get the credentials calling SMS? 🤔 Is this ok Data Breach ?
Hey there! Depends on the secrets service you use. Ideally, if it is integrated with that SSO app then the app can ask that secrets manager service to confirm that user (based on ID) has the right access to these credentials without having to ever expose them outside of your secrets store. Some sort of abstracted value like a key could supplement for any value exposure, reduces exposure for data breach.
I'm still confused. How does this "request" process to the secret manager happens? In my understanding, the secret manager will only approve the "request" if the requestor can somehow prove that he/she is who he/she claims to be. But, isn't that means we are still dealing with user credentials here? So what does the secret manager really achieve? Is it just adding a centralized layer so that we can easily "revoke" a permission from a particular user to particular service?
Thanks for this. Kudos to the PM who thought of this. This feels like a much needed product. Thank you and kudos to the teams for making this happen.
Thank you for watching, Stanley! 🙌
The title of the video is somewhat confusing. It mostly goes over the usages of secret management and doesnt even scratch the surface of HOW this is implemented (i.e. HSM). I'd love to see more of latter.
That just kicks the ball down the street one level of indirection. It’s better and you can using the centralized mechanism fix a breach but the client still is the weak link. Thx for the videos. They are all interesting.
Why not use certificates?
I needed this. Does anyone knows a similar secret store manager like the IBM DCM and google secret manager?
Requester - AD/Cloiud permission under IAM Policies and protocols - Gaining level of acesss - 9 Minutes Clip ?
I need to login via single sign on Application.
Prompts network credentials on this single sign on Page.
What if I create synthetic ID(user/pwd)?
Store them in Secret Mgr.
I still would need user and password to login to SSO App for Automated Testing .
Only difference is I now get the credentials calling SMS?
🤔
Is this ok Data Breach ?
Hey there! Depends on the secrets service you use. Ideally, if it is integrated with that SSO app then the app can ask that secrets manager service to confirm that user (based on ID) has the right access to these credentials without having to ever expose them outside of your secrets store. Some sort of abstracted value like a key could supplement for any value exposure, reduces exposure for data breach.
awesome
what is microservices
Hey Hamdan! 😃 This video might answer your question 👉 ibm.co/338sNtT
You can also learn more about microservices in this guide: ibm.co/3l6Jqwz