Chapter 05: Identity, Authentication, and Secrets

Word target: 3,500
Primary deliverable: Access control baseline and secret rotation playbook
Key diagrams: Trust boundary and credential flow

Learning Goals

• Enforce key-based access and least privilege.
• Design identity approach that can evolve from local-only to centralized auth.
• Implement secret storage and rotation procedures.

MVP Lab Worksheet

• Objective: Enforce secure SSH baseline.
• Starting state: Ubuntu nodes reachable.
• Steps:
  1. Disable password SSH auth.
  2. Configure least-privilege sudo roles.
  3. Store service credentials in a secrets workflow.
• Evidence: SSH config diff + access tests.
• Exit criteria: No password-based remote login paths remain.
• Rollback: Emergency break-glass console procedure documented.

Advanced Lab Worksheet

• Objective: Credential rotation without downtime.
• Starting state: Services with managed secrets.
• Steps:
  1. Rotate one DB/app credential pair.
  2. Validate service continuity.
  3. Record rotation cadence and ownership.
• Evidence: Rotation log + uptime proof.
• Exit criteria: Rotation runbook validated.
• Rollback: Revert to previous secret version.

Portability Placeholder

Document identity provider-neutral patterns before naming specific tooling.