2024-02-06, 17:35–18:00, B.1.017
Ansible code often gets executed with a very high level of access to ensure it can perform all the necessary actions to complete its task. This high level of access creates the risk of attacks leveraging the automation code as an attack vector.
It is possible to use cryptographic signatures to prevent the risk of executing code that has not been properly vetted.
In this talk, we will see how it is possible to integrate cryptographical assurances into Ansible, and we will delve into some implementation decisions and suggestions to ensure that the result completely satisfies the requirements.
Fabio Alessandro Locati - commonly known as Fale - is an EMEA Associate Principal Solutions Architect at Red Hat, public speaker, published author, and Open Source contributor. His main areas of expertise are Linux, containers (ie: Kubernetes), automation (ie: Ansible), security, cloud (mainly AWS and GCP), cloud technologies, databases, and networking.
With more than 15 years of working experience in the field, he has experienced different IT roles, technologies, and languages. Fale has consulted for many different companies, starting from a one-man company to Fortune 500 companies. This has allowed him to consider various technologies from different points of view, helping him develop critical thinking and understand very quickly whether a particular technology is the right one for a specific project or not.
Since he is always looking for better technologies, he also tries new technologies to see their advantages over the old ones and their maturity status. Some of the things Fale evaluates about every technology are the security, the ethical, and functional consequences of it.
Over the years he gave more than 50 talks about his work, the projects he helps in his spare time, IT ethics, and his vision of IT and security worlds.
He is the author of Practical Ansible, Practical Ansible 2, Learning Ansible 2, Learning Ansible 2.7, and OpenStack Cloud Security. In the spare time he helps in the Kubernetes, Fedora Project, Ansible, Wikimedia, Open Street Map communities as well as in many smaller projects on GitHub and similar platforms.