RailsConf 2018: Encrypted Credentials on Rails 5.2: Secrets to Success by Christopher Rigor

Secrets are out. Credentials are in. This new Rails 5.2 feature offers a number of advantages over the old way of managing secrets. You get atomic deploys, you avoid putting sensitive data on environment variables, and your data is always encrypted. This talk will reveal the secrets to success in using Credentials and EncryptedConfiguration, the API it uses internally.

This is a sponsored talk by Engine Yard.
Summary
"Encrypted Credentials on Rails 5.2: Secrets to Success" is a RailsConf 2018 talk in which Christopher Rigor discusses the advantages of the encrypted credentials introduced in Rails 5.2. Rigor, a tech evangelist at Engine Yard, covers the shortcomings of previous approaches to managing secrets in Rails applications and outlines the streamlined process that encrypted credentials provide.

**Key Points Discussed:**

- **Introduction of Encrypted Credentials:**
  - Rails 5.2 offers a refined approach to managing secrets compared to Rails 5.1's encrypted secrets, which have been deprecated.
  - Encrypted credentials allow for atomic deploys and eliminate sensitive data exposure through environment variables.
- **Setup Process:**
  - When a new Rails application is created, Rails generates a master key and secrets automatically using the command `rails credentials:setup`.
  - Developers can manage credentials with `rails credentials:edit`, allowing them to securely edit configurations without exposing sensitive information.
- **Editing and Accessing Credentials:**
  - Encrypted credentials are nested per environment and allow developers to access sensitive information using `Rails.application.credentials`.
  - The built-in command `rails credentials:show` can display the credentials; the talk emphasizes that they should not be displayed in views or front-end code directly.
- **Demonstration of APIs and Encryption:**
  - Rigor demonstrates using the encrypted configuration APIs provided by Rails for custom encrypted data handling beyond standard credentials.
  - The underlying encryption is based on the Advanced Encryption Standard (AES), a symmetric cipher known for its security and industry-wide acceptance.
- **Comparison to Previous Methods:**
  - The discussion touches on previous secret management strategies, highlighting the risks associated with using environment variables and unencrypted files.
  - The history and inadequacies of the Data Encryption Standard (DES) are brought up to explain the necessity for robust encryption methods like AES.
- **Alternatives and Future Considerations:**
  - Rigor addresses the importance of assessing existing credential management practices and suggests considering encrypted credentials if no secure method is currently in use.
  - The talk mentions ongoing discussions and potential future updates for handling per-environment credentials more effectively, which could further enhance the Rails ecosystem.

**Conclusions/Takeaways:**

- Encrypted credentials in Rails 5.2 significantly improve the security and management of sensitive application data, and they are recommended for developers who have yet to adopt encryption.
- Staying informed about best practices and proposed features can be crucial as the Rails framework evolves.
- The core message of the talk is the importance of keeping credentials secure while simplifying access, so that developers implement these features appropriately without compromising security.
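
The summary notes that credentials are encrypted with AES under a master key. As an added illustration (not code from the talk or from Rails itself), this Ruby example encrypts a YAML string with authenticated AES and shows that a wrong key or a modified file is rejected rather than decrypted. It assumes AES-128-GCM, a hex-encoded 16-byte key and a `data--iv--tag` layout; the function names and sample YAML are constructed for the example.

```ruby
require "openssl"
require "base64"
require "securerandom"

CIPHER = "aes-128-gcm" # assumption: authenticated AES mode, 16-byte key
SAMPLE_YAML = "aws:\n  access_key_id: EXAMPLE-ID\n  secret_access_key: EXAMPLE-SECRET\n" # constructed

# A master.key-style key: 16 random bytes, hex-encoded (32 hex characters).
def generate_key
  SecureRandom.hex(16)
end

# Encrypts plaintext; returns "ciphertext--iv--auth_tag", each part Base64.
def encrypt_config(plaintext, hex_key)
  cipher = OpenSSL::Cipher.new(CIPHER).encrypt
  cipher.key = [hex_key].pack("H*")
  iv = cipher.random_iv # fresh nonce for every write of the file
  cipher.auth_data = ""
  data = cipher.update(plaintext) + cipher.final
  [data, iv, cipher.auth_tag].map { |part| Base64.strict_encode64(part) }.join("--")
end

# Decrypts a blob; returns nil when the key is wrong or the blob was altered.
def decrypt_config(blob, hex_key)
  data, iv, tag = blob.split("--").map { |part| Base64.strict_decode64(part) }
  return nil unless tag && tag.bytesize == 16 # refuse truncated tags
  cipher = OpenSSL::Cipher.new(CIPHER).decrypt
  cipher.key = [hex_key].pack("H*")
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  (cipher.update(data) + cipher.final).force_encoding(Encoding::UTF_8)
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil
end

# Simulates tampering with the committed file: flips one ciphertext bit.
def flip_first_byte(blob)
  parts = blob.split("--")
  raw = Base64.strict_decode64(parts[0])
  raw.setbyte(0, raw.getbyte(0) ^ 0x01)
  parts[0] = Base64.strict_encode64(raw)
  parts.join("--")
end

if __FILE__ == $PROGRAM_NAME
  key = generate_key
  blob = encrypt_config(SAMPLE_YAML, key)
  puts "round trip ok: #{decrypt_config(blob, key) == SAMPLE_YAML}"
  puts "tampered blob rejected: #{decrypt_config(flip_first_byte(blob), key).nil?}"
end
```

Because the mode is authenticated, only the key has to stay out of version control; the encrypted file can be committed, and any edit made without the key fails on decrypt.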