No Secrets Left Behind: A Secure Dev Container from the Ground Up

​Hardcoded credentials, secrets in environment variables, tokens committed to source control. These are engineering habits that quietly create security incidents. This session shows how to close those gaps for good.

You will leave with a working, secure-by-default local engineering environment built on Dev Containers and PowerShell. The kind of setup that makes doing the right thing the path of least resistance. No more "I'll fix it later." No more secrets that live in twelve places at once.

The session covers the full stack of protection: from the simplest habit of separating secrets from code, all the way to an encrypted KeePass vault bind-mounted read-only into a hardened Dev Container. A setup where your PowerShell tooling, your editor configuration, and your source control hygiene all work together to keep credentials exactly where they belong: locked away, and retrieved only at the moment they are needed.

That includes a live demo of secure authentication to Azure. No credentials in environment variables, no plaintext in terminal output, no tokens in clipboard history. Every step follows patterns that are verifiable, auditable, and ready to take back to your team on Monday.

Whether you are a solo engineer cleaning up years of shortcuts or a tech lead setting the standard for a professional engineering team, this session gives you the patterns, the tooling, and the working code to get there.