Security · Intermediate · Live online
Secrets and Configuration Hygiene
Environment layering, rotation cadence, and least privilege defaults.
Secrets rot silently. We focus on calendars, scanners, and boring runbooks—not buzzword zero trust decks.
Duration: 2 weeks
Tuition (informational): 3,100,000 VND
Final quotes come from admissions. See Money-Back Policy for eligibility.
What ships in the syllabus
- 12-factor refresher with anti-patterns
- Dotenv vs runtime injection tradeoffs
- Rotation calendar template
- Break-glass access note template
- Audit of sample repo secrets risk
- KMS conceptual mapping (cloud agnostic)
- Mentor AMA on CI secret scanners
Outcomes we actually assess
- Produce a rotation calendar for one integration
- Remove one unsafe secret pattern from sample repo fork
- Draft break-glass steps for on-call
Khoa Le
Learner operations lead; designs weekly office hours and code walkthroughs.
FAQ — including what we skip
Vault?
Referenced conceptually; labs use local env + SOPS-style patterns on paper.
Hardware HSM?
Out of scope.
Limitation?
No legal compliance attestation.
Experience notes
“Rotation calendar got adopted by ops without a fight.”