Overview
Maintaining secrets, credentials, and nonhuman identities in secure ways is an important, though often overlooked, aspect of secure software development. Cloud migration and digital transformation have led to an explosion of nonhuman identities-like automation scripts, cloud native apps, and DevOps tools-that need to be secured across multiple cloud and hybrid environments. DevOps security often addresses vulnerability scanning, but it neglects broader discussions like authentication, authorization, and access control, potentially leaving the door open for breaches. That's where an identity security strategy focused on secrets management can help. In this practical book, authors John Walsh and Uzi Ailon provide conceptual frameworks, technology overviews, and practical code snippets to help DevSecOps engineers, cybersecurity engineers, security managers, and software developers address use cases across CI/CD pipelines, Kubernetes and cloud native, hybrid and multicloud, automation/RPA, IOT/OT, and more. You'll learn: The fundamentals of authentication, authorization, access control, and secrets management What developers need to know about managing secrets and identity to build safer apps What nonhuman identities, secrets, and credentials are-and how to secure them How developers work with their cross-function peers to build safer apps How identity security fits into modern software development practices
Full Product Details
Author: John Walsh ,
Uzi Ailon ,
Matt Barker
Publisher: O'Reilly Media
Imprint: O'Reilly Media
ISBN: 9781098158033
ISBN 10: 1098158032
Pages: 250
Publication Date: 16 May 2025
Audience:
General/trade
Format: Paperback
Publisher's Status: Active
Availability: In Print
This item will be ordered in for you from one of our suppliers. Upon receipt, we will promptly dispatch it out to you. For in store availability, please contact us.
Author Information
John Walsh is a distinguished authority in software security, with over 15 years of experience in various roles within enterprise security companies. From software developer to product manager, product marketing, and open-source community manager, his diverse background has equipped him with a comprehensive understanding of securing the entire software supply chain. This unique perspective enables him to communicate the intricacies of enterprise software security with clarity and depth, catering to both technical and non-technical audiences. Uzi is a seasoned software engineering professional with over 25 years of experience, including 15 years focused on customer engagement and sales. With deep expertise in the entire software development lifecycle, security, and DevOps, Uzi understands the business objectives of Fortune 500 companies and the unique challenges enterprises face in balancing innovation with security. Matt was co-founder & CEO of Jetstack, best known for its open source project 'cert-manager', which is downloaded millions of times a day to secure cloud native infrastructure. He now leads Workload Identity Architecture for CyberArk.
