Secure CI/CD Using JSON Web Token (JWT) - Dov Hershkovitch, GitLab

less than 1 minute read

Abstract

DevSecOps extends the DevOps ecosystem with the security aspect. Sensitive information is everywhere, be it passwords, secret tokens or exchanged IDs in order to gain access to tools and platforms. The problem has been addressed by many secret management solutions and frameworks, yet creating another problem: Which to choose from, and how to integrate best into your DevOps processes? Engineers started to workaround the security protocols, and often sensitive information is stored in insecure ways. A plaintext token can lead to security leaks and business incidents in a worst case scenario. JSON Web Token (JWT) aims to build the integration bridge as an open standard for security claims exchange. Join this session to learn how in GitLab we leverage JWT tokens to access different secret management solutions, including major cloud providers. Hear best practices on the challenges to retrieve sensitive data and how to enhance the DevSecOps security processes in your organization.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Secure CI/CD Using JSON Web Token (JWT) - Dov Hershkovitch, GitLab

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google