Managing Application Secrets Like a Pro Using Google Secret Manager

At the beginning of last year, I wrote an article titled How to secure and manage secrets using Google Cloud KMS, explaining how we can use Google Cloud KMS (Key Management System) to encrypt secrets and use them securely in our applications. I mentioned it is a decent approach because of the lack of support for good secret management solutions within the Google Cloud ecosystem. It is kind of a hacky way to get the job done, because,...

April 4, 2020 · Ramesh Lingappan

What Is Secure Remote Password (SRP) Protocol and How to Use It

“Password”: this crazy piece of string is worth a lot and gets a lot of attention, yet it is very hard to process and hide. Even with the multi-factor approach, it is crucial to design the first step right (which is what the user knows). It becomes increasingly hard for software systems to securely authenticate their users and process the sensitive password in a correct and secure way. One of the most common approaches is password hashing

November 21, 2019 · Ramesh Lingappan

How to secure and manage secrets using Google Cloud KMS

Let’s jump right in. We all know it’s a bad idea to store application secrets within our code. So why are we still storing them there? Let’s take an example. We could store those secrets in a file and add it to the gitignore so it’s not added to version control. But there are a couple of hurdles: How do we manage those secrets? What happens when the local copy is deleted?...

January 7, 2019 · Ramesh Lingappan

Best practices for building secure API Keys

We all know how valuable APIs are. They’re the gateway to exploring other services, integrating with them, and building great solutions faster. You might have built or are thinking of building APIs for other developers to use. An API needs some form of authentication to provide authorised access to the data it returns. There are several authentication standards available today such as API Keys, OAuth, JWT, etc. In this article, we’ll look at how to correctly manage API Keys to access APIs....

September 30, 2018 · Ramesh Lingappan

What is session hijacking and how you can stop it

This story is for beginners and anyone who has a basic understanding of cookies (session cookies), but who’s not sure how to secure them properly. You don’t have to be a security expert to do that. You just have to understand the process and then you will know.

April 24, 2018 · Ramesh Lingappan