its AirBnB.. they should have this stuff sorted! Dev/prod should be completely separate with the vaults/secrets management in prod having the correct keys with only a few peeps having access (in a break glass…
Unless its the CIO/CSO for shite secret management policies.
Its the process, not the dev. A Dev should never have access to prod secrets, it show flaws in ABnB security model and tells me a fair bit around how the work with dev/deployment.
High up yes, not the dev who did this.
No, the process failed. They should NOT have access to prod API keys.. It actually shows how ABnB treats security of prod secrets.
This to me means the devs have access to the prod keys, even to the external services... not good.
Nope, even as a coder for 40 years, worked at and ran startups etc, so get the jokes.. it was …. A bit pants.
That was exactly the same process including devpac (On a cover disk) that I went thru. Flashbacks...
We use Azure Functions to pull data out of DataDog and other services (bespoke) to chuck in a capacity management database, and then use more FaaS's to munge the numbers etc. We also use it in prod with for events, and…
Nope, well except the standard Reddit posts that are obviously ads...
Yes, if you park your car outside your house on the drive, and the key is in the house in a bowl by the door (for example) then they can steal the car in the middle of the night.. This is worse in the UK, as we have…
Correct, you just have the key (well a card) in your pocket/wallet and walk up to the car, which unlocks, you can then get in and press 'start'.. So if you leave your keys in a bowl by the door, they can just extend the…
Key\Values in consul. Then pass in an env car with the key.
Kong is great, really like it
I assume they mean JWT validation.
its AirBnB.. they should have this stuff sorted! Dev/prod should be completely separate with the vaults/secrets management in prod having the correct keys with only a few peeps having access (in a break glass…
Unless its the CIO/CSO for shite secret management policies.
Its the process, not the dev. A Dev should never have access to prod secrets, it show flaws in ABnB security model and tells me a fair bit around how the work with dev/deployment.
High up yes, not the dev who did this.
No, the process failed. They should NOT have access to prod API keys.. It actually shows how ABnB treats security of prod secrets.
This to me means the devs have access to the prod keys, even to the external services... not good.
Nope, even as a coder for 40 years, worked at and ran startups etc, so get the jokes.. it was …. A bit pants.
That was exactly the same process including devpac (On a cover disk) that I went thru. Flashbacks...
We use Azure Functions to pull data out of DataDog and other services (bespoke) to chuck in a capacity management database, and then use more FaaS's to munge the numbers etc. We also use it in prod with for events, and…
Nope, well except the standard Reddit posts that are obviously ads...
Yes, if you park your car outside your house on the drive, and the key is in the house in a bowl by the door (for example) then they can steal the car in the middle of the night.. This is worse in the UK, as we have…
Correct, you just have the key (well a card) in your pocket/wallet and walk up to the car, which unlocks, you can then get in and press 'start'.. So if you leave your keys in a bowl by the door, they can just extend the…
Key\Values in consul. Then pass in an env car with the key.
Kong is great, really like it
I assume they mean JWT validation.