Secret Delivery Process Survey by QualiMente / NoDrama DevOps

This survey will ask questions about how your organization delivers secrets to applications and manages their use.  This information will be kept anonymous.

Question Title

* 1. Please select the areas that you would describe as a 'focus' of your work, occupying 1/3rd of your attention or more, maximum 3

Question Title

* 3. What is the size of your organization?

Question Title

* 4. Which platforms do you deploy applications on? Check all that apply

Question Title

* 5. How familiar are you with delivering secrets to applications?

Question Title

* 6. How satisfied are you with your current process for delivering secrets to applications in their runtime environment via an automated pipeline?

Question Title

* 7. How safe is your existing application secret management and delivery process?  For this question, assume the process is delivering secrets to 10 applications.

Question Title

* 8. How do your applications read or retrieve their secrets when starting up? Check all that apply

Question Title

* 9. Which secret vaults do you want to use as the source (system of record) for application secrets? Check all that apply

Question Title

* 10. Which secret vaults do you want applications or startup scripts to read secrets from at runtime? Check all that apply

Question Title

* 11. What are the biggest challenges in delivering secrets safely to applications in your runtime environment?

Question Title

* 12. What does your secret delivery process need in order to make it self-service for application delivery teams in your organization, if anything?

Question Title

* 13. If you could improve a single aspect of your application secret management and delivery process, what would it be?

Question Title

* 14. Does your organization have a standardized and automated policy for permitting applications' access to secrets? i.e. Only Service A is allowed to access Service A's secrets.

Question Title

* 15. Do you have any tools that help you audit or detect unauthorized use of an application secret?

Question Title

* 16. How quickly is a security control likely to detect unauthorized use of an application secret from the secret vault in your environment?

Examples: 
1. Service B uses Service A's secret.
2. Attacker reads one of Service A's secrets.

Question Title

* 17. If you could improve a single aspect of your application secret audit and anomaly detection process, what would it be?

Question Title

* 18. Would you like me to share the 100% anonymous results of this survey with you? If so, please leave your email address here and I will use it only to communicate with you about the results of this survey.

Question Title

* 19. Would you like to participate in a 30-minute interview to discuss application secret delivery and audit topics in more depth?  If so, please leave your email address here and I will use it only to communicate with you about a secrets research interview.

0 of 19 answered
 

T