Brussels / 1 & 2 February 2020


Protecting plaintext secrets in configuration files

Applications and services rely on configuration data in order to be customized and we will talk about how to keep them in a safer place other than plaintext configuration files.

The configparser module is Python's standard configuration file parser and many projects rely on it to achieve easy configuration with plaintext files. OpenStack Common Libraries (Oslo) has an alternative called oslo.config with additional sources of input like command line arguments or environment variables. With the addition of a feature called source drivers last year, we are now able to increase the security of configuration values storing them in a safer place.

This talk focuses on the new source driver that integrates Oslo.Config and Castellan, another Olso module specialized in talking to secret managers, and how we can store our sensitive configuration data using HashiCorp Vault.


Photo of Moisés Guimarães Moisés Guimarães