I recently had a tech challenge where I had to make a web server in the cloud and secure it as best I could.
I decided against using secrets. Secrets are essentially a keystore where your keys are stored encrypted, so the password is never sitting on a server.
I went against secrets for two major reasons. One being that in order to implement them I'd need to change the application I was told to deploy and secure. The other being that I just didn't see a point, and I'll explain that now.
I generate a random password when the template is launched via Terraform. The only place that password ever is is on the server. SSH is disabled after the server is launched. So it's quite unlikely to get in; you'd have to compromise something internal because it has proper network segmentation. But let's say you were able to get on it, and let's say that password wasn't there.
You're still screwed either way, because you can dump the memory and the password is there; I've done it. Still screwed because there's a local cache of the database sitting there as well. Also screwed because you can edit the application and redeploy it with those creds to the database, causing all sorts of havoc.
Just thought of another reason it doesn't make sense: I'd have to grant my server permission to access that specific key in the keystore. If you get access to that server, there is nothing stopping you from pulling it down.
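For readers who want to see what the "random password generated at launch, written only to the server, SSH disabled afterwards" setup from the post looks like in Terraform, here is an added example. It is not the poster's code: the cloud provider (AWS), the PostgreSQL RDS instance, the AMI, the region, the `/etc/app/db.env` path and the resource names are all assumptions made for illustration.

```hcl
# Added example, not the original poster's code. Assumes AWS; the AMI ID,
# region, database engine and file paths are illustrative placeholders.
terraform {
  required_providers {
    random = { source = "hashicorp/random" }
    aws    = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region = "us-east-1" # assumption
}

# Random database password generated at `terraform apply` time.
resource "random_password" "db" {
  length           = 32
  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

# Database that receives the generated password. Networking (subnet group,
# security groups) is omitted here and would be where the segmentation
# the post mentions is enforced.
resource "aws_db_instance" "app" {
  identifier          = "app-db"          # assumption
  engine              = "postgres"        # assumption
  instance_class      = "db.t3.micro"     # assumption
  allocated_storage   = 20
  username            = "app"
  password            = random_password.db.result
  skip_final_snapshot = true
}

# Web server. user_data runs once at first boot: it writes the credentials
# to a root-only env file for the application, then disables sshd so the
# box cannot be reached interactively afterwards.
resource "aws_instance" "web" {
  ami           = "ami-0123456789abcdef0" # placeholder, not a real AMI
  instance_type = "t3.micro"              # assumption

  user_data_replace_on_change = true
  user_data = <<-EOT
    #!/bin/bash
    set -euo pipefail
    mkdir -p /etc/app
    install -m 0600 -o root -g root /dev/null /etc/app/db.env
    cat > /etc/app/db.env <<EOF
    DB_HOST=${aws_db_instance.app.address}
    DB_USER=app
    DB_PASS=${random_password.db.result}
    EOF
    # Disable SSH after provisioning, as described in the post.
    systemctl disable --now ssh sshd 2>/dev/null || true
  EOT

  tags = { Name = "app-web" } # assumption
}
```

Two Terraform facts worth knowing when running something like this: `random_password.db.result` is recorded in the Terraform state file (marking an output `sensitive` only hides it from CLI output), and anything interpolated into `user_data` is stored as an attribute of the EC2 instance. So the state backend and the instance's IAM-visible attributes need the same protection as the server itself.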