There are many aspects and meanings to Microservices, for every person you ask you may get different answers. One aspect that typically comes along is deploying and managing large numbers of services, usually in the form of light weight servers. This in turn creates the need for automating configuration of servers and applications including security keys and credentials that are needed. Related to PKI, we see an important aspect of PKK products being DevOps friendly. DevOps friendly in (at least) two aspects:
Configuring and running the PKI products themselves in a DevOps environment
Managing (non PKI) applications in a DevOps environment securely, providing applications with certificates, digital signatures and credentials as services are created and destroyed
This session goes through some steps often related to the Microservices and DevOps universes.
1. Deploying a PKI as Containers
With live demo deploying EJBCA as Docker container.
2. Managing PKI credentials and machine identities for applications
Live demo of plug-in to Hashicorp Vault, to issue certificates through Vault, from the "real" PKI
Live demo to use CertBot to issue TLS certificate to an Apache server
3. If time permits, we can also show secure code signing integrated into a CI pipe-line with Jenkins. We may also show some Ansible playbooks.
Förkunskaper: Inga
Ansvarig: PrimeKey / Filip Lundmark