back to list
Infosys Enterprise Data Privacy Suite

Unified and Secure Management for your Cloud Secrets

Is there a better practice when it comes to managing your password?

For a user, the simplest way is to store the password in plaintext as part of the build script. It isn’t the best security practice and doesn’t scale as well. Hence, the solution is AWS Secrets Manager. Instead of hard coding the credentials in the application, you can store them in the Secrets Manager, and when you need to use them, an API call to the Secrets Manager returns with the secrets.

The AWS Secrets Manager acts as a single authoritative secret store and ensures that the rotation of secrets is made easier and safer. It also uses AWS KMS for encryption with IAM roles to restrict access to the services and Cloud Trial for recording the API calls made for the secrets. Further, it can be extended for additional details such as login credentials, database passwords and cloud vendor API secret keys that change periodically and should not be hard-coded or stored in plaintext in the application.

 

Challenges faced by our customers:

Credentials used in the application are sensitive customer data since any leak of application credentials can lead to a privacy breach. Below are some concerns raised for credentials storage and management –

Some passwords need to be updated at regular intervals, thus creating a burden for the development teams to update them in the application. It also leads to the downtime of an application in some cases.
Storing passwords in plaintext is a security concern and not recommended in a production environment.

If multiple applications use the same credentials, then it is advisable to store these credentials at a single location so that they can be updated for all the applications at once.
In a production environment, how can we ensure to rotate credentials at regular intervals to maintain a high level of security?

 

How can Data Privacy on iEDPS complement AWS Secrets Manager?

iEDPS provides a secret management feature, which helps create secrets in a repository or on cloud vaults such as AWS Secrets Manager, thus enabling a single point of management for all secret vaults. This feature also removes the user’s dependency on the application’s on-premise repository to store highly-sensitive keys used in an application.

Once a secret key is created, no one can access or modify its value. Secret keys created using secrets management are used in Encrypt/Decrypt feature. This feature allows a user to encrypt or decrypt the entire datastore having multiple tables at one go.

 

Secrets or credentials related to any service should not be hardcoded in code or stored on a local file system. They should be updated at regular intervals, improving the security of applications and preventing data breaches related to credential leakage.

Thus, iEDPS offers to store the secret keys in several secrets managers apart from AWS Secrets Manager, including GCP Secrets Manager and Azure Key Vault, which can help remove dependency on the developers to manage, secure and hard cord those secrets in applications. Additionally, it can be used to protect the data at rest by encrypting or decrypting the entire data store.

 

Author: – Nashaa Taj

Author Details

Vijayalaxmi Vijayalaxmi

Vijayalaxmi Suvarna is a Senior System Engineer at Infosys Center for Emerging Technology Solutions, she leads the Marketing initiatives for the PrivacyNext iEDPS Platform. Her focus includes User Experience and online branding of Infosys Data Privacy offerings.

Leave a Comment

Your email address will not be published.


Related Articles

Best Practices – Protecting Your Data in Transit           

December 21st, 2023

India DPDP – Demystify the Data Protection Controls

December 18th, 2023

Privacy Implications in AI

October 30th, 2023

Recent Articles

Enhancing After-Sales Customer Experience by Leveraging Generative AI with Salesforce Automotive Cloud

April 23, 2024 11:31 PM

The Performance Maestro: How GenAI Orchestrates Performance Testing Excellence

April 23, 2024 5:36 PM

How organizations can up their Asset / Engineering Information Management game? – Break down the silos

April 22, 2024 2:07 PM

Featured Articles

Maximo Can Do Supply Chain - Unveiled!

December 27, 2023 9:14 AM

Migrating and Modernizing Windows Workloads on AWS

December 27, 2023 7:52 AM

Wind Energy: Overview, Maintenance and Structured CMMS Implementation Approach

December 27, 2023 7:51 AM

Most read

Leverage SAP Extended Warehouse Management (EWM) for Life Science and Pharmaceutical companies

December 7, 2021 4:17 PM

Accelerated adoption of Security policies across environments

December 9, 2022 3:05 PM

Leverage SAP Extended Warehouse Management (EWM) for Life Science and Pharmaceutical companies-Continued

January 3, 2022 11:25 AM

Categories