WEBVTT

00:00.000 --> 00:10.000
So, I just wanted to take two minutes to thank the volunteers of FOSDEM.

00:10.000 --> 00:14.000
Maybe we can give them a small round of applause.

00:14.000 --> 00:15.000
Thanks a lot.

00:15.000 --> 00:21.000
So, I think 25 Thursday has been a while since we live in the future.

00:21.000 --> 00:24.000
And also I ask the AI to write my jokes.

00:24.000 --> 00:28.000
And the AI asked me to ask you if the Wi-Fi is,

00:28.000 --> 00:32.000
you managed to make the Wi-Fi work after our 25 years.

00:32.000 --> 00:36.000
So, even the Wi-Fi jokes are getting old.

00:36.000 --> 00:39.000
So, I'm Remy, I'm a co-founder of Passbolt.

00:39.000 --> 00:42.000
I do some other things, like the open source founder of Forzdem,

00:42.000 --> 00:44.000
it was Emilia at the back.

00:44.000 --> 00:46.000
And in the room, you also have Cedric and Kevin,

00:46.000 --> 00:49.000
who are, like, co-founders of Passbolt.

00:49.000 --> 00:52.000
We've been doing the pilgrimage to Brussels every year,

00:52.000 --> 00:55.000
so it's a blast.

00:55.000 --> 00:59.000
So, anyone using a password manager in the room?

00:59.000 --> 01:01.000
Great.

01:01.000 --> 01:03.000
Who's using Passbolt?

01:03.000 --> 01:04.000
So, after what?

01:04.000 --> 01:06.000
We will be giving out a t-shirt and stickers,

01:06.000 --> 01:08.000
so if you want to come, you can, you know,

01:08.000 --> 01:10.000
basically, like, get some swag.

01:10.000 --> 01:12.000
Who's using Bitcoin?

01:12.000 --> 01:15.000
So, you guys are not getting anything.

01:15.000 --> 01:19.000
So, it's a joke, and you can just get it.

01:19.000 --> 01:22.000
We built a password manager,

01:22.000 --> 01:24.000
that is designed for collaboration.

01:24.000 --> 01:26.000
So, the main difference is that you can assign permissions,

01:26.000 --> 01:31.000
granularly, granularly to secrets.

01:31.000 --> 01:33.000
So, you can store your TOTPs,

01:33.000 --> 01:35.000
you can store your machine-to-machine secrets,

01:35.000 --> 01:38.000
your SSH keys, you can store all sorts of things,

01:38.000 --> 01:41.000
that are secrets, and that you want them to be

01:41.000 --> 01:42.000
end-to-end encrypted.

01:42.000 --> 01:46.000
So, you can organize your secrets by folders, by group.

01:46.000 --> 01:49.000
You can assign permissions to folders,

01:49.000 --> 01:51.000
and apply these permissions recursively.

01:51.000 --> 01:54.000
So, basically, that's the strength of the software.

01:54.000 --> 01:59.000
And the goal is to solve the collaboration issue

01:59.000 --> 02:02.000
around secrets for technical teams mostly.

02:02.000 --> 02:05.000
But it can be used by, by pretty much everyone.

02:05.000 --> 02:08.000
So, one of the functionalities we developed this year

02:08.000 --> 02:10.000
is, like, let's say you have a secret,

02:10.000 --> 02:12.000
you have a large team, and you want to know

02:12.000 --> 02:15.000
when somebody leaves the organization or is removed from the group,

02:15.000 --> 02:18.000
or is basically, like, leaving the organization,

02:18.000 --> 02:20.000
you want to know which secrets have been accessed

02:21.000 --> 02:24.000
by this person, so that you can mark them as needing to be rotated.

02:24.000 --> 02:27.000
So, this is one of the functionalities

02:27.000 --> 02:30.000
we built last year around collaboration.

02:30.000 --> 02:33.000
And you can also basically set some policies

02:33.000 --> 02:35.000
around when you want things to expire,

02:35.000 --> 02:38.000
and if you want to make your users' life a nightmare,

02:38.000 --> 02:41.000
you can just, like, expire everything every 30 days.

02:41.000 --> 02:48.000
So, we have native apps on, you know, Apple and Android.

02:49.000 --> 02:53.000
You require an extension to run Passbolt.

02:53.000 --> 02:56.000
So, this is required for the reason

02:56.000 --> 02:58.000
that if the server is compromised,

02:58.000 --> 03:01.000
we don't want to give the attacker the opportunity to change the code

03:01.000 --> 03:04.000
that is related to the cryptographic elements

03:04.000 --> 03:06.000
or, like, the key management.

03:06.000 --> 03:09.000
So, it gives us some interesting properties.

03:09.000 --> 03:11.000
So, for example, we can display these annoying icons

03:11.000 --> 03:15.000
in your forms, and we can also, like, basically run updates automatically

03:16.000 --> 03:18.000
so the clients are always up to date thanks

03:18.000 --> 03:22.000
to the browser extension auto-update functionalities.

03:22.000 --> 03:26.000
It's also available in a terminal near you.

03:26.000 --> 03:31.000
So, it means you can access your secrets using the command line

03:31.000 --> 03:32.000
or even curl.

03:32.000 --> 03:35.000
So, you can pipe the output of curl

03:35.000 --> 03:37.000
and since Passbolt uses OpenPGP,

03:37.000 --> 03:39.000
you can decrypt the secrets and, like,

03:39.000 --> 03:42.000
use them directly in your, like, CI/CD pipelines.

03:42.000 --> 03:46.000
So, also, for the cool kids, some Kubernetes operator.

03:46.000 --> 03:50.000
So, you can, basically, inject the secrets from

03:50.000 --> 03:55.000
Passbolt into your Kubernetes cluster and that.

03:55.000 --> 04:01.000
So, Passbolt is available on all Linux platforms.

04:01.000 --> 04:04.000
So, we have packages, native packages for Ubuntu,

04:04.000 --> 04:05.000
and all sorts of things.

04:05.000 --> 04:08.000
We also support openSUSE.

04:08.000 --> 04:10.000
So, we have a partnership with SUSE.

04:10.000 --> 04:13.000
And so, now, we are sure that the packages will work,

04:13.000 --> 04:15.000
because it was not the case before.

04:15.000 --> 04:18.000
And, yeah, it's fully open source.

04:18.000 --> 04:22.000
You learn the paid version, so, like, that's something

04:22.000 --> 04:23.000
worth mentioning.

04:23.000 --> 04:26.000
We do around three security audits per year.

04:26.000 --> 04:29.000
So, we work with Cure53, which is, like,

04:29.000 --> 04:31.000
security researchers in Germany.

04:31.000 --> 04:33.000
So, they've just completed one in December,

04:33.000 --> 04:37.000
and we have one running right now by another firm in the US.

04:37.000 --> 04:41.000
So, we do our work when it comes to security.

04:41.000 --> 04:44.000
What's cooking for 2025.

04:44.000 --> 04:46.000
So, for the ones that are using Passbolt.

04:46.000 --> 04:51.000
One of the main changes that will come to V5 is

04:51.000 --> 04:52.000
encrypted metadata.

04:52.000 --> 04:57.000
One of the difficulties when creating a credential manager

04:57.000 --> 05:00.000
is that you have different people that have different

05:00.000 --> 05:01.000
kind of requirements.

05:01.000 --> 05:04.000
So, on one side, you're going to have the consumers.

05:04.000 --> 05:10.000
So, for example, run, like, your, like, my mom or whatever.

05:10.000 --> 05:13.000
And then, on the other side, you're going to have, like,

05:13.000 --> 05:18.000
companies like banks, or, like, that have strong

05:18.000 --> 05:21.000
requirements when it comes to security.

05:21.000 --> 05:24.000
And they have, like, requirements that are defined by the state,

05:24.000 --> 05:28.000
or, like, whatever industry they are working on, depends.

05:28.000 --> 05:31.000
So, historically, Passbolt has been more on that side.

05:31.000 --> 05:33.000
So, on that side, it is expected that, for example,

05:33.000 --> 05:36.000
your administrator knows who you are.

05:36.000 --> 05:37.000
It knows your name.

05:37.000 --> 05:40.000
It knows, like, and on the other side, you have, like,

05:40.000 --> 05:43.000
the expectations that my password manager doesn't know

05:43.000 --> 05:46.000
when I'm using a certain credential to go somewhere.

05:46.000 --> 05:48.000
On this side, the administrator wants to know

05:48.000 --> 05:49.000
when you're using credentials.

05:49.000 --> 05:51.000
So, it's, it's, it's been, like,

05:51.000 --> 05:54.000
uh, complicated to balance all these requirements

05:54.000 --> 05:57.000
because sometimes you have organizations that behave, like,

05:57.000 --> 05:58.000
uh, consumers.

05:58.000 --> 05:59.000
So, they want privacy.

05:59.000 --> 06:01.000
So, let's say you're an organization that organizes a protest.

06:01.000 --> 06:03.000
You want anonymity.

06:03.000 --> 06:06.000
But, uh, if you're a bank, you absolutely don't want that.

06:06.000 --> 06:09.000
So, we've been trying to balance the requirements,

06:09.000 --> 06:12.000
even though historically, we've been leaning on that side.

06:12.000 --> 06:15.000
So, one of the changes that we're introducing with, uh,

06:15.000 --> 06:18.000
V5, and it's actually available in V4.10.

06:18.000 --> 06:21.000
And, uh, we're about to ship the V4.11.

06:21.000 --> 06:23.000
So, you can, uh, actually test it.

06:23.000 --> 06:25.000
So, there is a feature flag that you can enable,

06:25.000 --> 06:27.000
and you can test encrypted metadata.

06:27.000 --> 06:30.000
In version 4, even though it would be available,

06:30.000 --> 06:34.000
only in version 5, you can already test it with, uh, version 4.

06:34.000 --> 06:37.000
So, the main change is that we will encrypt the metadata.

06:37.000 --> 06:40.000
So, on, there will be several ways you can do that.

06:40.000 --> 06:43.000
One way is you encrypt with your personal key.

06:43.000 --> 06:46.000
So, let's say you want to use it more on the consumer side.

06:46.000 --> 06:48.000
You can use your personal key, and then the administrator

06:48.000 --> 06:51.000
will not be able to see, uh, your secrets or, like,

06:51.000 --> 06:53.000
anything related to your secret.

06:53.000 --> 06:57.000
And, if you are sharing, then we will use a shared key,

06:57.000 --> 06:59.000
uh, to encrypt the metadata.

06:59.000 --> 07:02.000
So, uh, Passbolt uses OpenPGP, which is a, uh,

07:02.000 --> 07:04.000
uh, hybrid cryptosystem.

07:04.000 --> 07:07.000
So, you have, like, a random session key, uh, AES key.

07:07.000 --> 07:10.000
That is encrypted with, uh, uh, a public key.

07:10.000 --> 07:14.000
And, uh, all together, that makes the secret, uh, uh,

07:14.000 --> 07:18.000
so, there will be options for administrators to choose, uh,

07:18.000 --> 07:20.000
if they want to disallow, for example, personal usage,

07:20.000 --> 07:22.000
they can, or if you want to turn your Passbolt

07:22.000 --> 07:26.000
into, uh, personal usage only, uh, you will be able to do that

07:26.000 --> 07:27.000
through, through the settings.

07:27.000 --> 07:30.000
So, uh, it's been, uh, quite a bit of work.

07:30.000 --> 07:32.000
As you can imagine, that's why it, like,

07:32.000 --> 07:34.000
it's called, uh, Passbolt version 5.

07:34.000 --> 07:38.000
So, um, that will improve the security posture.

07:38.000 --> 07:40.000
Uh, I think I'm running out of time.

07:40.000 --> 07:42.000
So, like, yeah, I'm just going to skip that,

07:42.000 --> 07:45.000
but if you want, uh, uh, a sneak peek at, uh,

07:45.000 --> 07:47.000
how the UI will, uh, change.

07:47.000 --> 07:49.000
There is some, because it's a major version,

07:49.000 --> 07:51.000
we had to, you know, give it a little, uh,

07:51.000 --> 07:52.000
repo lineage.

07:52.000 --> 07:54.000
So, uh, yeah.

07:54.000 --> 07:56.000
Um, you will be able to construct your secret,

07:57.000 --> 08:00.000
and basically, uh, uh,

08:00.000 --> 08:02.000
like Legos, add some components to, uh,

08:02.000 --> 08:04.000
your secret, so you'll be able to construct

08:04.000 --> 08:06.000
the kind of resource types that you want to use.

08:06.000 --> 08:09.000
So, I'm running out of time, but we are outside,

08:09.000 --> 08:11.000
if you want to talk about it, uh,

08:11.000 --> 08:13.000
we have some other goodies that are coming up soon

08:13.000 --> 08:15.000
in the version 5.x series,

08:15.000 --> 08:17.000
and, uh, thank you, FOSDEM.

08:17.000 --> 08:19.000
And so if you're all thinking too much better.

08:19.000 --> 08:20.000
Thank you, baby.

08:20.000 --> 08:21.000
Thank you, baby.

08:21.000 --> 08:24.000
Thank you, baby.

