aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • DevOps
  • Platforms
  • Tools

4 Open Source Cloud Security Tools

  • root
  • September 16, 2019
  • 4 minute read

If your day-to-day as a developer, system administrator, full-stack engineer, or site reliability engineer involves Git pushes, commits, and pulls to and from GitHub and deployments to Amazon Web Services (AWS), security is a persistent concern. Fortunately, open source tools are available to help your team avoid common mistakes that could cost your organization thousands of dollars.

This article describes four open source tools that can help improve your security practices when you’re developing on GitHub and AWS. Also, in the spirit of open source, I’ve joined forces with three security experts—Travis McPeak, senior cloud security engineer at Netflix; Rich Monk, senior principal information security analyst at Red Hat; and Alison Naylor, principal information security analyst at Red Hat—to contribute to this article.


Partner with aster.cloud
for your next big idea.
Let us know here.



From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.
CYBERPOGO.COM :: For the Arts, Sciences, and Technology.
DADAHACKS.COM :: Parenting For The Rest Of Us.
ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.
TAKUMAKU.COM :: For The Hearth And Home.
ASTER.CLOUD :: From The Cloud And Beyond.
LIWAIWAI.COM :: Intelligence, Inside and Outside.
GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.
FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.
ASTERCASTER.COM :: Supra Astra. Beyond The Stars.
BARTDAY.COM :: Prosperity For Everyone.

We’ve separated each tool by scenario, but they are not mutually exclusive.

1. Find sensitive data with Gitrob

You need to find any potentially sensitive information present in your team’s Git repos so you can remove it. It may make sense for you to use tools that are focused towards attacking an application or a system using a red/blue team model, in which an infosec team is divided in two: an attack team (a.k.a. a red team) and a defense team (a.k.a. a blue team). Having a red team to try to penetrate your systems and applications is lots better than waiting for an adversary to do so. Your red team might try using Gitrob, a tool that can clone and crawl through your Git repositories looking for credentials and sensitive files.

Even though tools like Gitrob could be used for harm, the idea here is for your infosec team to use it to find inadvertently disclosed sensitive data that belongs to your organization (such as AWS keypairs or other credentials that were committed by mistake). That way, you can get your repositories fixed and sensitive data expunged—hopefully before an adversary finds them. Remember to remove not only the affected files but also their history!

Read More  The Future Of Work Requires A More Human Approach To Security

2. Avoid committing sensitive data with git-secrets

While it’s important to find and remove sensitive information in your Git repos, wouldn’t it be better to avoid committing those secrets in the first place? Mistakes happen, but you can protect yourself from public embarrassment by using git-secrets. This tool allows you to set up hooks that scan your commits, commit messages, and merges looking for common patterns for secrets. Choose patterns that match the credentials your team uses, such as AWS access keys and secret keys. If it finds a match, your commit is rejected and a potential crisis averted.

It’s simple to set up git-secrets for your existing repos, and you can apply a global configuration to protect all future repositories you initialize or clone. You can also use git-secrets to scan your repos (and all previous revisions) to search for secrets before making them public.

3. Create temporary credentials with Key Conjurer

It’s great to have a little extra insurance to prevent inadvertently publishing stored secrets, but maybe we can do even better by not storing credentials at all. Keeping track of credentials generally—including who has access to them, where they are stored, and when they were last rotated—is a hassle. However, programmatically generating temporary credentials can avoid a lot of those issues altogether, neatly side-stepping the issue of storing secrets in Git repos. Enter Key Conjurer, which was created to address this need. For more on why Riot Games created Key Conjurer and how they developed it, read Key conjurer: our policy of least privilege.

4. Apply least privilege automatically with Repokid

Anyone who has taken a security 101 course knows that least privilege is the best practice for role-based access control configuration. Sadly, outside school, it becomes prohibitively difficult to apply least-privilege policies manually. An application’s access requirements change over time, and developers are too busy to trim back their permissions manually. Repokid uses data that AWS provides about identity and access management (IAM) use to automatically right-size policies. Repokid helps even the largest organizations apply least privilege automatically in AWS.

Read More  AWS Launches Infrastructure Region In Spain

Tools, not silver bullets

These tools are by no means silver bullets, but they are just that: tools! So, make sure you work with the rest of your organization to understand the use cases and usage patterns for your cloud services before trying to implement any of these tools or other controls.

Becoming familiar with the best practices documented by all your cloud and code repository services should be taken seriously as well. The following articles will help you do so.

For AWS:

  • Best practices for managing AWS access keys
  • AWS security audit guidelines

For GitHub:

  • Introducing new ways to keep your code secure
  • GitHub Enterprise security best practices

Last but not least, reach out to your infosec team; they should be able to provide you with ideas, recommendations, and guidelines for your team’s success. Always remember: security is everyone’s responsibility, not just theirs.

 

Anderson Silva

This article originally appeared in opensource.com

 


For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

root

Related Topics
  • AWS
  • Cloud Security
  • GitHub
You May Also Like
notta-ai-header
View Post
  • Featured
  • Tools

Notta vs Fireflies: Which AI Transcription Tool Deserves Your Attention in 2025?

  • May 16, 2025
Google Cloud and Smart Communications
View Post
  • Platforms
  • Technology

Smart Communications, Inc. Dials into Google Cloud AI to Help Personalize Digital Services for Filipinos

  • October 25, 2024
zedreviews-Apple-iPhone-16-Pro-finish-lineup-240909
View Post
  • Featured
  • Gears
  • Tech
  • Technology
  • Tools

Apple debuts iPhone 16 Pro and iPhone 16 Pro Max

  • September 10, 2024
zedreviews-Apple-AirPods-Active-Noise-Cancellation-240909
View Post
  • Featured
  • Gears
  • Tech
  • Technology
  • Tools

Apple introduces AirPods 4 and the world’s first all-in-one hearing health experience with AirPods Pro 2

  • September 10, 2024
View Post
  • Platforms
  • Public Cloud

Empowering builders with the new AWS Asia Pacific (Malaysia) Region

  • August 30, 2024
Red Hat and Globe Telecoms
View Post
  • Platforms
  • Technology

Globe Collaborates with Red Hat Open Innovation Labs to Modernize IT Infrastructure for Greater Agility and Scalability

  • August 19, 2024
Huawei Cloud Cairo Region Goes Live
View Post
  • Cloud-Native
  • Computing
  • Platforms

Huawei Cloud Goes Live in Egypt

  • May 24, 2024
Asteroid
View Post
  • Computing
  • Platforms
  • Technology

Asteroid Institute And Google Cloud Identify 27,500 New Asteroids, Revolutionizing Minor Planet Discovery With Cloud Technology

  • April 30, 2024

Stay Connected!
LATEST
  • 1
    It’s time to stop debating whether AI is genuinely intelligent and focus on making it work for society
    • June 8, 2025
  • cookies-food-photographer-jennifer-pallian-OfdDiqx8Cz8-unsplash 2
    What is a cookie?
    • June 6, 2025
  • person-working-html-computer 3
    8 benefits of AI as a service
    • June 6, 2025
  • 4
    Where is the cloud headed?
    • June 6, 2025
  • 5
    Cloud breaches are surging, but enterprises aren’t quick enough to react
    • June 6, 2025
  • 6
    Enterprises are keen on cloud repatriation – but not for all workloads
    • June 4, 2025
  • 7
    The Summer Adventures : Hiking and Nature Walks Essentials
    • June 2, 2025
  • 8
    Just make it scale: An Aurora DSQL story
    • May 29, 2025
  • 9
    Reliance on US tech providers is making IT leaders skittish
    • May 28, 2025
  • Examine the 4 types of edge computing, with examples
    • May 28, 2025
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • Understand how Windows Server 2025 PAYG licensing works
    • May 20, 2025
  • By the numbers: How upskilling fills the IT skills gap
    • May 21, 2025
  • Global communication equipment in futuristic server room generated by artificial intelligence 3
    Weigh these 6 enterprise advantages of storage as a service
    • May 28, 2025
  • AI and private cloud: 2 lessons from Dell Tech World 2025
    • May 28, 2025
  • 5
    Broadcom’s ‘harsh’ VMware contracts are costing customers up to 1,500% more
    • May 28, 2025
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.