Session
Beyond Plaintext State: Building Zero-Trust Infrastructure with OpenTofu's Advanced Encryption & Eph
Infrastructure state files are treasure troves for attackers: they contain secrets, API keys, and sensitive config values. Traditional "sensitive" annotations hide values from CLI output, but the values still persist in plaintext.
OpenTofu's added security features flip the script. Ephemeral resources exist only at runtime, write-only attributes guarantee secrets never find their way into state files, and unified S3 backend encryption encrypts data at rest and in transit.
In this talk:
1. Why traditional sensitive markings aren't enough for real security
2. How to implement ephemeral resources for temporary credentials and secrets
3. Deploying write-only attributes to eliminate plaintext passwords from state
4. Configuring OpenTofu's enhanced S3 encryption for multi-layered protection
5. Real-world strategies for moving from vulnerable to zero-trust infrastructure
Attendees will learn to build truly secure infrastructure-as-code pipelines that protect sensitive data throughout the entire lifecycle.
Aseem Shrey
Securing Your Products, One Feature at a Time | Founder, ShipSec.ai - AI Security Copilot | Founder, SecureMyOrg | Earlier Security Engineer @ Yahoo, Rippling, Gojek & Blinkit
Pittsburgh, Pennsylvania, United States