Keys, Keys Everywhere! But what are we doing to protect them?

Keys are everywhere! We use them to do connect to everyday external services such as Mailchimp, Authorize.net, SMTP gateways etc.. They're also used in more complex scenarios like data encryption.

But what are we doing to protect them? How do we know our keys are safe? Who has access to my keys?

These are all important questions we should be asking as a community and as those responsible for our site's security. We will be reviewing what is currently available to manage your keys and what can be done as a community to make this better for the future of Drupal. This will include our experience coming up with the architecture for and creating the Key Module https://www.drupal.org/project/key. We will also cover what is available (from open source to SAAS) from a system architect's perspective to properly manage keys throughout the development cycle.

Leaving this session, we hope you have awareness of the importance of proper key management and practical steps to securing your site's keys.