I'm still confused. How does this "request" process to the secret manager happens? In my understanding, the secret manager will only approve the "request" if the requestor can somehow prove that he/she is who he/she claims to be. But, isn't that means we are still dealing with user credentials here? So what does the secret manager really achieve? Is it just adding a centralized layer so that we can easily "revoke" a permission from a particular user to particular service?

Thanks for this. Kudos to the PM who thought of this. This feels like a much needed product. Thank you and kudos to the teams for making this happen.

The title of the video is somewhat confusing. It mostly goes over the usages of secret management and doesnt even scratch the surface of HOW this is implemented (i.e. HSM). I'd love to see more of latter.

Why not use certificates?

That just kicks the ball down the street one level of indirection. It’s better and you can using the centralized mechanism fix a breach but the client still is the weak link. Thx for the videos. They are all interesting.

I need to login via single sign on Application. Prompts network credentials on this single sign on Page. What if I create synthetic ID(user/pwd)? Store them in Secret Mgr. I still would need user and password to login to SSO App for Automated Testing . Only difference is I now get the credentials calling SMS? 🤔 Is this ok Data Breach ?

I needed this. Does anyone knows a similar secret store manager like the IBM DCM and google secret manager?

Requester - AD/Cloiud permission under IAM Policies and protocols - Gaining level of acesss - 9 Minutes Clip ?

what is microservices

awesome