Your team uses a delivery pipeline to deploy infrastructure and applications to production. However, your security team warns you that your pipeline might be vulnerable. Can you spy some improvements you can make to it? In this session, let’s investigate the different ways a pipeline authenticates, authorizes, and audits people, machines, and services. We’ll also apply some tools and techniques to solve the security riddle of an example pipeline using Amazon Web Services, Terraform, and GitHub Actions. You’ll spy some practices for injecting and managing secrets, securing pipeline runner access control and script execution, and auditing pipeline outputs, scripts, and stages to prevent different attacks.
Key Takeaways:
- You’ll learn practices to secure an infrastructure delivery pipeline by...
  - Injecting and managing secrets and credentials using a secrets manager
  - Securing access control to the pipeline runner
  - Auditing pipeline outputs, scripts, and stages for compliance