When you need to create a username and password for a new database, what do you do? Use the same credentials every time? Use a password manager?

What if you’re deploying infrastructure-as-code? Do you ask a trusted human to remember the credentials? Do you keep the details in a shared notebook, or in source control?

What’s the worst that could happen, right?

I’ll show you how to script the creation, encryption and storage of secrets in AWS. No human needs to see that password, know that password, or type in that password. Only the code that needs access will be granted access.

Session takeaways


Cariad was a Software Team Lead for the best DevOps squad in Thomson Reuters, but the allure of independence was irresistible; now she’s a freelance writer, coder-for-hire, blogger at cariad.me and getcodelove.com and soon-to-be indie author.

She loves science fiction, infrastructure-as-code and wondering where her next paycheque will come from.