Back to Basics: Secrets Management - 이중 자막
Hello, welcome to another episode of Back to Basics.
My name is Hari Singeredi.
I'm a Solutions Architect here at AWS.
Today we are going to talk about managing and protecting secret information needed for your applications to perform its function.
These information could be your database passwords,
your IAM access keys, your SSH keys or any other information your application needs to perform its regular function.
Here I want to call out two best practices from AWS well architected framework security.
First one is store and retrieve these secure secrets.
Second one is audit and rotate these secrets securely and frequently.
Let's take you have an application that needs to communicate with the database.
So to open a connection to the database,
it needs database connection information, like the database server name, database port number, and secrets information like database username and database password.
So let's take a look at the architectural considerations first.
So there are a few things that you need to ask yourself.
First, where do you store these secrets securely?
Second, how does your application get access to these secrets?
Third, how often do you rotate these secrets?
And finally, when you rotate these secrets, how does your application know about the latest version of these secrets?
AWS Manager lets you store text in the protected data portion of the secret.
In this scenario, these could be your database username, password, and all other database correction information.
And data protection is a key security best practice, always encrypt data at rest.
So to achieve this, Secrets Manager encrypts the protected text of a secret by using AWS Key Management Service or KMS.
You can either use the default CMK for Secrets Manager or you can call it created CMK.
A common anti-pattern that we see is hard coding credentials in your application source code.
It's not a good idea because if somebody has access to your application source code, they now have access to your data.
AWS Secrets Manager allows for programmatic retrieval of secrets.
So to retrieve secrets, you simply replace plaintext secrets with code to pull in those secrets at runtime using Secrets Manager APIs.
You can also use AWS IAM permission policies to control access to your secret.
So in this scenario,
you can attach a policy to the role used by your application to give it read-only permissions on the database secrets.
And as I mentioned earlier, data protection is very important.
Secrets manager by default only accepts requests from hosts using open-standard TLS and perfect
forward secrecy and also ensures encryption of your secret while in transit.
Now, that storage and retrieval of the secret is set up, let's take a look at the second
security best practice, which is audit and rotate the secrets periodically.
Periodic rotation of secrets is really important from a security perspective.
If you don't change your secrets for a long period of time, the secrets become more likely to be compromised.
As a security best practice, we recommend that you regularly rotate your secrets.
You can configure Secrets Manager to automatically rotate without any manual intervention and on a specified schedule.
you.
Secrets uses AWS Lambda functions to rotate the credentials.
Secrets Manager out of the box comes fully configured and ready-to-use rotation support for Amazon RDS databases,
Amazon Aurora, Amazon DocumentDB, and Amazon Redshift.
If you need to rotate credentials for any other service than what I just mentioned,
you can also define and implement rotation using a custom Since your application is already configured to pull the latest credentials,
it will get the latest credentials next time it tries to access the database.
So if we take a look at the high-level overview of the pattern, you store your credentials in Secrets Manager.
Secrets Manager will take care of the rotation and maintaining the latest set of credentials for you.
always pulls the latest set of credentials from Secrets Manager at runtime.
And of this is happening securely and automatically.
There you have it.
Check out the resources below for more details and thanks for tuning in.
더 많은 기능 잠금 해제
Trancy 확장 프로그램을 설치하면 AI 자막, AI 단어 정의, AI 문법 분석, AI 구술 등을 포함한 더 많은 기능을 사용할 수 있습니다.
인기 있는 비디오 플랫폼과 호환
Trancy는 YouTube, Netflix, Udemy, Disney+, TED, edX, Kehan, Coursera 등의 플랫폼에서 이중 자막을 지원하는데 그치지 않고, 일반 웹 페이지에서 AI 단어/문장 번역, 전체 문장 번역 등의 기능도 제공하여 진정한 언어 학습 도우미가 됩니다.
다양한 플랫폼 브라우저 지원
Trancy는 iOS Safari 브라우저 확장 프로그램을 포함하여 모든 플랫폼에서 사용할 수 있습니다.
다양한 시청 모드
극장, 읽기, 혼합 등 다양한 시청 모드를 지원하여 전체적인 이중 자막 체험을 제공합니다.
다양한 연습 모드
문장 청취, 구술 평가, 선택 공백, 테스트 등 다양한 연습 방식을 지원합니다.
AI 비디오 요약
OpenAI를 사용하여 비디오 요약을 생성하여 핵심 내용을 빠르게 파악할 수 있습니다.
AI 자막
3-5분 만에 YouTube AI 자막을 생성하여 정확하고 빠른 자막을 제공합니다.
AI 단어 정의
자막에서 단어를 탭하면 정의를 검색하고 AI 단어 정의 기능을 활용할 수 있습니다.
AI 문법 분석
문장에 대한 문법 분석을 수행하여 문장의 의미를 빠르게 이해하고 어려운 문법을 습득할 수 있습니다.
더 많은 웹 기능
Trancy는 비디오 이중 자막 뿐만 아니라 웹 페이지의 단어 번역 및 전체 문장 번역 기능도 제공합니다.