An unarguable truth in software is that, at some point, failure is inevitable. Code breaks, servers crash, the power goes out – but building software that is designed to fail gracefully isn't always front-of-mind.

In this talk, we’ll walk through the process of designing of a resilient, real-world system; exploring how to handle failure at every layer. From redundancy and circuit breakers, to handling automated full or partial failover, we’ll cover practical techniques for building robust systems that keep working when things go wrong. As complexity grows, we’ll examine how architectural choices affect failure modes, and how to mitigate common tradeoffs like latency, data consistency, and degraded functionality.

We'll also explore what it takes to build reliability into team processes & mindset; identifying critical requirements and dependencies, to designing with user expectations in mind. Finally we’ll highlight the role of observability via health checks and OpenTelemetry, and automated tools for stress testing our systems, in helping teams make fast, informed decisions under pressure.

You will leave armed with practical tips, tools, and techniques to make sure your systems are designed to fail (gracefully)... and crucially recover!

Admit it: we've all checked in an API key or password to a repo at some point... Oops... No one wants their secrets to accidentally leak, so this session is your essential refresher on secret management (and mismanagement!) for your applications and beyond!

Let's explore the range of methods and benefits of securely handling secrets for local development: from features baked into your IDE (Visual Studio, Rider), to secret management services (Azure KeyVault, AWS / GCP Secret Manager), and even loading them from your password manager of choice (i.e. 1Password). We'll progress to look at accessing secrets as part of a CI/CD pipeline, or loading them into infrastructure at runtime, to eliminate hard-coded secrets from every aspect of our projects.

What about when things inevitably go slightly wrong...?

We will follow the stories of a few real world breaches: what went wrong, how we responded, the lessons we learnt, and how that feeds back into our processes.

I will discuss the processes we have implemented with our clients to manage secrets on a large scale – including following a least trust approach, methods for revoking and cycling credentials, and appropriately mapping our dependencies so we can measure the impact of a change.

Finally, we will look at the ways automation can help, including configuring automatic secret detection tools (GitHub and Azure DevOps) and CodeQL checks in our pipelines.