Speaker
Description
Scientific control systems are generally deployed in trusted network environments with passwords, SSH keys, database connection strings, account keys, encryption keys and other secrets stored in a variety of locations such as source code, configuration management systems, and company wikis. Due to the “trust” they are often distributed via insecure methods of communication such as email, instant messaging and word of mouth. Managing secrets is an essential component of a control system with a wide impact. Including: detection of and response to security breaches; enforcement of security policies; management of infrastructure security; granting third party access; and even the effort required to open source a software package. This talk will briefly discuss some of the issues we have come across as we continue to develop the control system for the MeerKAT radio telescope, a precursor to the Square Kilometre Array project. The main focus is an overview of the tool recently selected to manage our secrets: HashiCorp Vault. We are still learning.
